Trojaner-Board - Escan meldet AltNet Spyware

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Escan meldet AltNet Spyware (https://www.trojaner-board.de/18274-escan-meldet-altnet-spyware.html)

Escan meldet AltNet Spyware

Hallo Leude,

habe mal wieder mein System gecheckt.

Weder Adaware,Spybot,A2 noch AntiVir brachten dabei eine Meldung.

Nur der Escan hat folgenden Fund gemeldet:

Mon May 23 17:09:32 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon May 23 17:09:39 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Mon May 23 18:01:53 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Dabei handelt es sich offenbar um einen eintrag in der Registry, den ich aber nicht finden kann.

Desweiteren werden jede menge DLLs die zu Invalid Objekts gehören gemeldet.Was hats den damit auf sich?

Mon May 23 18:02:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Tha.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\logo.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\scribble.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\dot.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\mnature.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\hoverbot.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\will.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\powerpup.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\genius.act". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000000-0001-0001-0000-000000000000}" refers to invalid object "c:\programme\steganos security suite 6\shredderse.dll". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{000208FE-0000-0000-C000-000000000046}" refers to invalid object "xlrec.dll". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{000208FF-0000-0000-C000-000000000046}" refers to invalid object "xlrec.dll". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{8E27C92B-1264-101C-8A2F-040224009C02}" refers to invalid object "C:\MUHURTA\MSCAL.OCX". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{8E27C92F-1264-101C-8A2F-040224009C02}" refers to invalid object "C:\MUHURTA\MSCAL.OCX". Action Taken: No Action Taken.

Mon May 23 18:02:27 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.

Mon May 23 18:02:28 2005 => Entry "HKCR\CLSID\{A8561647-E93C-11d3-AC3B-CE6078F7B616}" refers to invalid object "C:\WINDOWS\system32\VSPRINT7.ocx". Action Taken: No Action Taken.

Mon May 23 18:02:29 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:36 2005 => Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:54 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Mon May 23 18:02:54 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Mon May 23 18:02:55 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Mon May 23 18:02:55 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Zu guter letzt nun noch mein Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 09:38:04, on 26.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\Clyde\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=16534
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - !file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - !file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - !file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\DOKUME~1\Clyde\LOKALE~1\Temp\outpost.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

Für Eure Bemühungen im vor raus schon mal vielen Dank.

M.f.G raven

Sorry wegen der vielen posts aber bei dem Versuch alles auf einmal hochzuladen bekam ich immer eine Fehlermeldung.

Hatte vor kurzem auch dieses Problem. Obwohl ich in letzter Zeit nichts installiert habe, außer ein Update von Microsoft, hat die neue Version von E-Scan auf einmal diese Meldung ausgegeben. (früher, die alte Version nicht)

Folgender Schlüssel hat diese Meldung ausgelöst:

"HKLM\Software\microsoft\downloadmanager" ab (Standart) REG_SZ (Wert nicht gesetzt)

Nachdem ich diesen gelöscht habe, ist Ruhe.

Außerdem habe ich auch noch diese Einträge gefunden und diese ebenso gelöscht.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="altnet"

[HKEY_USERS\S-1-5-21-57989841-813497703-839522115-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="altnet"

[HKEY_USERS\S-1-5-21-57989841-813497703-839522115-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"005"="altnet"

Nachdem es mir keine Ruhe gelassen hat, habe ich gesucht und dies gefunden:

a² HiJackFree Prozess Details:
Dateiname: avgctrl.exe
Standard Pfad: %programpath%\
[Hinweis: %programpath% ist üblicherweise c:\programme auf deutschen Systemen]
Clsid: C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1
Betriebssysteme: Win 98/ME, Win NT4, Win 2000, Win XP, Win 2003

Software Name: Antivir Guard/XP Control Program
Firmenname: H+BEDV DatentechnikGmbH
Firmen Website: h**p://www.antivir.de
Ist Teil der Produkte: Antivir personal (virus scanner)
Läuft als Dienst: Nein
Ist sichtbarer Task: Ja

Status: 0 - Keine Malware
Beschreibung: Antivir Guard/XP Control Program

Was die Auswertung von HijackThis betrifft, diese überlasse ich den Profis von hier, die das besser können. :)

Danke Rich !
Also mal wieder Microschrott.
Dann werde ich doch mal diesen Schlüssel löschen.

gruß raven

OK schlüssel gelöscht und erstes Problem erledigt,danke rich.
Aber was hat es mit diesen ganzen errors (siehe oben) auf sich?

gruß raven

Was es mit den vielen Meldungen auf sich hat, kann ich nicht sagen, bei mir war es zwar nur ein invalider Schlüssel, den E-Scan gemeldet hat. Interesannterweise kommt nun keine Fehlermeldung mehr, seit ich diesen ominösen Schlüssel gelöscht habe.
Scanne einfach nochmal nur die Regdateien.