habe mir einen virus eingefangen |
||
---|---|---|
#0
| ||
23.08.2005, 01:06
...neu hier
Beiträge: 2 |
||
|
||
23.08.2005, 08:57
Member
Beiträge: 4730 |
#2
@motzpapa
Kennst Du den Spruch "wenn man keine Ahnung hat ..."? @mastermix Lade Killbox herunter und entpacke es. Lade eScanCheck und führe wie dort auf der Seite beschrieben erstmal nur das Update durch. Lade CCleaner und installiere ihn. HijackThis öffnen, "scan", Häkchen setzen, "fix checked" R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://top-find4u.com/sp.htm R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.254.43.7:3128 R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll O2 - BHO: - {4e1a65f2-28f0-4372-832d-312f98395e1a} - C:\WINDOWS\System32\p.dll O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht!http://vxiframe.biz//adverts//096//targ.chm::/win32.exe O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:osuch.mht!http://85.255.113.4/dl/adv659/x.chm::/load.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c10.cab O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://69.50.171.170/traff/1/open.exe O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F44289-70C4-4982-B3DB-E15ADF97C5CD}: NameServer = 69.50.176.158,85.255.112.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{CB94487C-BD78-46F7-8CAA-0CBA6FC57F09}: NameServer = 69.50.176.158,85.255.112.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8 O17 - HKLM\System\CS2\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8 O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing) O21 - SSODL: System - {1E71B59D-0995-4B6E-BC78-A9BF5EC5BF21} - C:\WINDOWS\system32\system32.dll Starte den PC in den abgesicherten Modus. Deaktiviere die Systemwiederherstellung: Start -> Systemsteuerung -> System -> Systemwiederherstellung Starte Killbox. Aktiviere Option "Delete on Reboot", füge folgendes in das Eingabefeld ein und bestätige mit Klick auf das weiße Kreuz im roten Kreis. Die Frage, ob jetzt rebootet werden soll, erst nach der letzten Datei mit Ja bestätigen. C:\WINDOWS\System32\qsjre.dll C:\WINDOWS\System32\p.dll C:\WINDOWS\System32\toolbar.dll C:\WINDOWS\msopt.dll C:\WINDOWS\system32\system32.dll Der PC wird neugestartet. Nochmal in den abgesicherten Modus. Starte CCleaner und entferne damit sämtliche Temporären Dateien. Starte eScanCheck und führe einen Systemscan durch, wie auf der oben genannten Seite beschrieben. eScan findet die LOP-Verseuchung, die Du Dir eingefangen hast. Berichte uns von dem Scan. __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
||
24.08.2005, 00:07
...neu hier
Themenstarter Beiträge: 2 |
#3
Sehr herzlichen Dank erstmals!
habe alles so gemacht, wie Du mir gesagt hast, bin die veränderte toolbar los, und habe beim Systemstart keine Probleme mehr. Also schon mal ein Erfolg! was noch nicht passt: Ansicht - Symbbolleisten - Standardschaltflächen, Adressleiste, Links lässt sich nicht anklicken! mit laufendem ZoneAlarm Pro lassen sich einge Internetseiten nicht öffnen, es erscheint dann etwa folgender Text: 0 Transfer-Encoding: chunked Date: Tue, 23 Aug 2005 21:59:19 GMT Server: Apache Last-Modified: Mon, 08 Aug 2005 16:16:31 GMT ETag: "2fc70e-242-5ed4d5c0" Accept-Ranges: bytes --------------: --- Keep-Alive: timeout=10, max=100 Connection: Keep-Alive Content-Type: text/html; charset=ISO-8859-1 Content-Language: de Ich hoffe es helfen folgende logfiles: escan: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Tue Aug 23 23:00:27 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. 2: Tue Aug 23 23:00:29 2005 => System found infected with coolwebsearch Spyware/Adware ({0E1230F8-EA50-42A9-983C-D22ABC2EED3B})! Action taken: No Action Taken. 3: Tue Aug 23 23:00:31 2005 => System found infected with isearch Spyware/Adware ({1c78ab3f-a857-482e-80c0-3a1e5238a565})! Action taken: No Action Taken. 4: Tue Aug 23 23:00:32 2005 => System found infected with Media Pass Spyware/Adware ({00ada225-ea6c-4fb3-82e8-68189201ccb9})! Action taken: No Action Taken. 5: Tue Aug 23 23:00:32 2005 => System found infected with Media Pass Spyware/Adware ({15696ae2-6ea4-47f4-bea6-a3d32693efc7})! Action taken: No Action Taken. 6: Tue Aug 23 23:00:33 2005 => System found infected with Windupdates.Media Pass Spyware/Adware ({735c5a0c-f79f-47a1-8ca1-2a2e482662a8})! Action taken: No Action Taken. 7: Tue Aug 23 23:00:33 2005 => System found infected with AdWare.ToolBar.SBSoft.h Spyware/Adware ({08BEC6AA-49FC-4379-3587-4B21E286C19E})! Action taken: No Action Taken. 8: Tue Aug 23 23:00:34 2005 => System found infected with Commonname toolbar Spyware/Adware ({00000000-0000-0000-0000-000000000000})! Action taken: No Action Taken. 9: Tue Aug 23 23:00:37 2005 => System found infected with Bridge Spyware/Adware ({b88a3af1-4f1b-4400-8ffb-3fcb108ce115})! Action taken: No Action Taken. 10: Tue Aug 23 23:00:37 2005 => System found infected with Bridge Spyware/Adware ({c094876d-1b0e-46fa-b6a6-7ffc0f970c27})! Action taken: No Action Taken. 11: Tue Aug 23 23:03:11 2005 => Offending file found: C:\WINDOWS\DOWNLO~1 12: Tue Aug 23 23:03:11 2005 => System found infected with clickspring Spyware/Adware (mediaticketsinstaller.ocx)! Action taken: No Action Taken. 13: Tue Aug 23 23:03:16 2005 => Offending file found: C:\DOKUME~1\WinXP\Desktop\internet.lnk 14: Tue Aug 23 23:03:16 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken. 15: Tue Aug 23 23:03:23 2005 => Offending file found: C:\WINDOWS\DOWNLO~1 16: Tue Aug 23 23:03:23 2005 => System found infected with peopleonpage Spyware/Adware (load.exe)! Action taken: No Action Taken. 17: Tue Aug 23 23:03:24 2005 => Offending file found: C:\WINDOWS\DOWNLO~1 18: Tue Aug 23 23:03:24 2005 => System found infected with SearchMiracle.EliteBar Spyware/Adware (v3.dll)! Action taken: No Action Taken. 19: Tue Aug 23 23:03:26 2005 => Offending file found: \boot.exe 20: Tue Aug 23 23:03:26 2005 => System found infected with vx2 Spyware/Adware (boot.exe)! Action taken: No Action Taken. 21: Tue Aug 23 23:03:27 2005 => Offending file found: C:\WINDOWS\System32\ide21201.vxd 22: Tue Aug 23 23:03:27 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken. 23: Tue Aug 23 23:03:31 2005 => Offending file found: C:\WINDOWS\DOWNLO~1 24: Tue Aug 23 23:03:31 2005 => System found infected with SubmitHook Spyware/Adware (rundlg32.dll)! Action taken: No Action Taken. 25: Tue Aug 23 23:03:31 2005 => Offending file found: C:\WINDOWS\DOWNLO~1 26: Tue Aug 23 23:03:31 2005 => System found infected with SubmitHook Spyware/Adware (webdlg32.dll)! Action taken: No Action Taken. 27: Tue Aug 23 23:03:33 2005 => System found infected with Media Access Spyware/Adware (mediagateway.exe)! Action taken: No Action Taken. 28: Tue Aug 23 23:10:57 2005 => File C:\WINDOWS\System32\cmd32.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken. 29: Tue Aug 23 23:11:01 2005 => File C:\WINDOWS\System32\csrco.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken. 30: Tue Aug 23 23:16:23 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-322.dll infected by "Trojan-Spy.Win32.Banker.aaf" Virus! Action Taken: No Action Taken. 31: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093059-685.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken. 32: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe infected by "Trojan-Downloader.Win32.Small.bit" Virus! Action Taken: No Action Taken. 33: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\gdnAT155.exe infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken. 34: Tue Aug 23 23:34:14 2005 => File C:\WINDOWS\system32\cmd32.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken. 35: Tue Aug 23 23:34:20 2005 => File C:\WINDOWS\system32\csrco.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Tue Aug 23 23:11:16 2005 => File C:\WINDOWS\System32\finur.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 2: Tue Aug 23 23:11:18 2005 => File C:\WINDOWS\System32\gmdzu.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 3: Tue Aug 23 23:11:19 2005 => File C:\WINDOWS\System32\gwdry.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 4: Tue Aug 23 23:12:06 2005 => File C:\WINDOWS\System32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken. 5: Tue Aug 23 23:12:29 2005 => File C:\WINDOWS\System32\rdsndin.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken. 6: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-487.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 7: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093058-443.dll tagged as "not-a-virus:AdWare.WinAD.j". Action Taken: No Action Taken. 8: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093058-835.dll tagged as "not-a-virus:AdWare.WinAD.bg". Action Taken: No Action Taken. 9: Tue Aug 23 23:16:25 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-103712-405.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 10: Tue Aug 23 23:16:25 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-214756-392.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 11: Tue Aug 23 23:28:54 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken. 12: Tue Aug 23 23:28:54 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.g". Action Taken: No Action Taken. 13: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken. 14: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken. 15: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx tagged as "not-a-virus:AdWare.MediaTickets.f". Action Taken: No Action Taken. 16: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken. 17: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\v3.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.s". Action Taken: No Action Taken. 18: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\webdlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.g". Action Taken: No Action Taken. 19: Tue Aug 23 23:37:29 2005 => File C:\WINDOWS\system32\finur.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 20: Tue Aug 23 23:37:30 2005 => File C:\WINDOWS\system32\gmdzu.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 21: Tue Aug 23 23:37:31 2005 => File C:\WINDOWS\system32\gwdry.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken. 22: Tue Aug 23 23:38:14 2005 => File C:\WINDOWS\system32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken. 23: Tue Aug 23 23:38:42 2005 => File C:\WINDOWS\system32\rdsndin.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Tue Aug 23 23:00:20 2005 => ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI... 2: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll". Action Taken: No Action Taken. 3: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken. 4: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll". Action Taken: No Action Taken. 5: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\d_loader.exe". Action Taken: No Action Taken. 6: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken. 7: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken. 8: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken. 9: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll". Action Taken: No Action Taken. 10: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\xscan53.ocx". Action Taken: No Action Taken. 11: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\toolbar.dll". Action Taken: No Action Taken. 12: Tue Aug 23 23:03:51 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken. 13: Tue Aug 23 23:04:00 2005 => Entry "HKCR\CLSID\{567DB2D4-9B01-4EBF-9FFA-543491BF3379}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken. 14: Tue Aug 23 23:04:02 2005 => Entry "HKCR\CLSID\{6E5526E3-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken. 15: Tue Aug 23 23:04:02 2005 => Entry "HKCR\CLSID\{6E5526E4-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken. 16: Tue Aug 23 23:04:06 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken. 17: Tue Aug 23 23:04:07 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken. 18: Tue Aug 23 23:04:12 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. 19: Tue Aug 23 23:04:14 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. 20: Tue Aug 23 23:04:15 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. 21: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{015ADC1F-CABC-4D20-9331-C27955A1A040}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 22: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{038D2262-E79F-4D6F-AAD9-F2408A13EAB3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 23: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{052A1D0F-E9FF-4F9A-BC58-A9E77A86F6F7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 24: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{09EE5B94-51D7-437D-8982-256B76A3A3C7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 25: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{0B37BB6F-83F6-47FB-B153-1D56751C9B37}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 26: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{10CDD085-7D09-4205-B2BA-91048424BE12}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 27: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{110FA82F-DB6C-3C24-8929-60961D10C56E}" refers to invalid object "C:\WINDOWS\System32\kphaf.dll". Action Taken: No Action Taken. 28: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{13D4BDB8-91A4-46D7-BA99-F59E5B53D833}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 29: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{14EF771B-491F-4078-A593-F5596EC2D387}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 30: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}" refers to invalid object "C:\Program Files\Media Gateway\MediaGateway.exe". Action Taken: No Action Taken. 31: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{17FC562C-9FE1-4288-9E01-8A09C7CE83D3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 32: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{1AC9A5B4-A075-44E8-8E8B-AB286EC04FFA}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 33: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{2024EC7E-BCE1-4357-88C9-11799FCE43CB}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 34: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{26531A0D-A62E-4C19-AC0A-F3E8CB0EEE67}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 35: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{268A9E16-32FE-47E0-B5C2-5249232FE15F}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 36: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{2F684D25-6D82-4751-8E8C-D0569CE2DE57}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 37: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{30197703-F685-48A2-9157-7C96D0D49C82}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 38: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{32472C54-19A9-49A0-BDCE-E335AD7D83B4}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 39: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{39FDBD2C-3F8C-4D58-80D4-24DA6BF8AC77}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 40: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{3B698628-3F74-4970-8182-3B29DBC28039}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 41: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{3FAED731-3772-4CC8-ACEE-3056616FB9CF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 42: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{45AE2A1A-492A-44FB-8F20-6F2E069683F1}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 43: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{45E60C84-8E1F-47B8-A027-93B4BCDAE05D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 44: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{474202FD-41B0-4E9D-91D8-831870D8B4AA}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 45: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{492119D6-AA0A-4566-9DEF-0B01D1C23785}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 46: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{4938B29D-48E7-4044-A93C-9D6708F2F821}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 47: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{4BCD20EC-51F1-4746-8CAF-8F5A713B43D3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 48: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{52B6F9D5-A042-4ADB-8F6F-D5C3899F4CCF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 49: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5713F0BD-2757-432F-9A93-6366C81F437B}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 50: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{59C9C6D3-0809-4217-86F6-2706742ACEAC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 51: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5C4EE682-6B32-4DB4-A90B-D36C31B52153}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 52: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5EC78C7B-BE8C-4CB9-B547-E06EECEC329A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 53: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{663DBFBD-9287-4291-804D-2BC41DDF1737}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 54: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6CAD4F8F-3830-45B3-B13E-5973E0C306CB}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 55: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6D243138-DD75-4C8B-AA23-F14EA70A9206}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 56: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6DD8F112-F31D-46B4-8E15-7D38EA4F9FD6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 57: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{706EA865-5E2D-41BF-B63A-366BCDEE011D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 58: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{714A0837-CBA6-474E-BCBC-DEBBA6129790}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 59: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{72D43B21-776B-4BFE-B144-9CBA142F4731}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 60: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{737ED547-E1FD-4B6E-B3DC-7B6BDF5DD5E6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 61: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7928BCE2-94CC-4504-9F28-1E60E3966957}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 62: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{79530433-4CF0-4FE5-A596-CAE0010AFEAC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 63: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7BD423C2-AF19-4380-9D5A-E6A0EB2E488A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 64: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7C62C966-FE96-493C-9AD9-3FE2D3250E1C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 65: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7D0D356C-3494-4A41-A107-B2305E52B6D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 66: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7ED10132-EDFD-4A7A-892F-2BCC17EDE4AE}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 67: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7FB373C8-8D47-4AC8-886A-C729F568D2A3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\PPT8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken. 68: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{80C08007-8775-4A70-94E9-7A728EA5253C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 69: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{82B5A577-4325-4EB9-9242-A4D8690ADD85}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 70: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{887B09FC-6A4C-409E-944B-ACF20162337D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 71: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8889E5E8-6DC3-4C09-9FE9-340C497F67D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 72: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8959FF12-54B4-4357-89EB-AE5135FBCC1E}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 73: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{896A64B6-2BEE-4843-95E2-3FE300FF64F6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 74: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8BD01577-B63A-4C4E-B4FB-3723837A0D1C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 75: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{914DC167-6442-494C-B856-28BD35772BE8}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 76: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{917623C2-D8E5-11D2-BE8B-00104B06BDE3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken. 77: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{A18F8456-5368-4B8A-BA6E-5F2FA2CB33A8}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 78: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{A93A3860-C697-41F1-BE66-CED1B3BED2F9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 79: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{ABB416FC-E173-4DD3-A193-68B99F7DA2D6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 80: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{AC6DB17B-2212-4B6F-A587-4C00BF29DE90}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 81: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B0864203-BA62-4A7A-830B-0B4EF616D616}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 82: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B73019CA-B815-4493-B0BD-1A4B25942F03}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 83: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B9AF9AEC-0704-4B38-9CB9-D32C2B50F929}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 84: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{BEDCDBC8-C8B6-43B1-AB18-8F3F382595B3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 85: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C0030B93-F33D-4D54-BF7D-73F15CB9B05A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 86: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}" refers to invalid object "C:\WINDOWS\System32\jao.dll". Action Taken: No Action Taken. 87: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C0DEB12B-5445-4F95-9BB5-A9742C21744A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 88: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C3E949D5-14FF-453E-9A53-53B5216105D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 89: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CA997DF9-E482-4466-8201-E826BAD5E0D9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 90: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CCE64F31-229C-470F-948D-AF8B129491B9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken. 91: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CEF76CA3-6776-46FB-81BE-653006D12481}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 92: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D20E6974-A4DE-4EE1-9D1A-A5A3197E0FA0}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 93: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D7DC3E06-6F08-4BD8-B8A7-CD25AFA624A0}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 94: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D9F1EFB2-FEF9-4B2A-8538-86A2D937E733}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 95: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{DE4D88C9-2013-4206-A2F2-3981CCAFE29C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 96: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{E6F5FD73-B1A1-432D-8DF6-FBED71A2EB8D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 97: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{ECA58E33-42E3-4000-BDA6-CF556CA959BF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 98: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{EDDD0933-6D13-4920-B566-D99B00A15D42}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 99: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{F326DD94-705E-4797-A632-F360F76E7629}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 100: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{F57B25DE-1945-4BE1-8B3D-A1065F8B31A9}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken. 101: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{F7BBFD79-8F22-4EC6-B065-9D1C0FCA72BD}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken. 102: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{FCBE6891-BD8C-44BD-B2E2-2D3DEE84B4DC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 103: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{FD924786-99D7-47D8-8B54-ED2597346C21}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 104: Tue Aug 23 23:04:19 2005 => Entry "HKCR\.aut" refers to invalid object "iPIX.ipsfiles.1". Action Taken: No Action Taken. 105: Tue Aug 23 23:04:19 2005 => Entry "HKCR\.bub" refers to invalid object "iPIX.ipxfiles.1". Action Taken: No Action Taken. 106: Tue Aug 23 23:04:20 2005 => Entry "HKCR\.ips" refers to invalid object "iPIX.ipsfiles.1". Action Taken: No Action Taken. 107: Tue Aug 23 23:04:20 2005 => Entry "HKCR\.ipx" refers to invalid object "iPIX.ipxfiles.1". Action Taken: No Action Taken. 108: Tue Aug 23 23:04:21 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken. 109: Tue Aug 23 23:04:23 2005 => Entry "HKCR\ATLCamImage.PropertyPage1" refers to invalid object "{CA42B92C-4FE8-11D3-9A4C-009027665B0F}". Action Taken: No Action Taken. 110: Tue Aug 23 23:04:23 2005 => Entry "HKCR\ATLCamImage.PropertyPage1.1" refers to invalid object "{CA42B92C-4FE8-11D3-9A4C-009027665B0F}". Action Taken: No Action Taken. 111: Tue Aug 23 23:04:33 2005 => Entry "HKCR\Jao.jao" refers to invalid object "{80BB7465-A638-43B5-9827-8E8FE38DFCC1}". Action Taken: No Action Taken. 112: Tue Aug 23 23:04:33 2005 => Entry "HKCR\Jao.jao.1" refers to invalid object "{80BB7465-A638-43B5-9827-8E8FE38DFCC1}". Action Taken: No Action Taken. 113: Tue Aug 23 23:04:34 2005 => Entry "HKCR\MediaGateway.Installer" refers to invalid object "{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}". Action Taken: No Action Taken. 114: Tue Aug 23 23:13:08 2005 => Result: ERROR!!! File C:\DOKUME~1\WinXP\LOKALE~1\TEMPOR~1\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm: Scanning Failure!!! 115: Tue Aug 23 23:13:08 2005 => ERROR!!! ScanFile fails for C:\DOKUME~1\WinXP\LOKALE~1\TEMPOR~1\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm 116: Tue Aug 23 23:15:24 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\WinXP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm: Scanning Failure!!! 117: Tue Aug 23 23:15:24 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\WinXP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm 118: Tue Aug 23 23:39:32 2005 => ERROR!!! FindFirstFile For E:\*.* Failed!!! Reason is Auf dem Datenträger befindet sich kein erkanntes Dateisystem. -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: C:\WINDOWS\System32\cmd32.exe => Trojan-Downloader.Win32.Delf.cb 2: C:\WINDOWS\System32\csrco.exe => Trojan-Dropper.Win32.Vidro.u 3: C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-322.dll => Trojan-Spy.Win32.Banker.aaf 4: C:\Programme\ffdshow\hijack\backups\backup-20050823-093059-685.dll => Trojan-Downloader.Win32.IstBar.gen 5: C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe => Trojan-Downloader.Win32.Small.bit 6: C:\WINDOWS\Downloaded Program Files\gdnAT155.exe => Trojan.Win32.Dialer.ay 7: C:\WINDOWS\system32\cmd32.exe => Trojan-Downloader.Win32.Delf.cb 8: C:\WINDOWS\system32\csrco.exe => Trojan-Dropper.Win32.Vidro.u -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Tue Aug 23 23:39:32 2005 => Total Objects Scanned: 51949 Tue Aug 23 23:39:32 2005 => Total Virus(es) Found: 58 Tue Aug 23 23:39:32 2005 => Total Errors: 116 Tue Aug 23 23:39:32 2005 => Virus Database Date: 2005/08/23 Tue Aug 23 23:39:32 2005 => Virus Database Count: 145176 Tue Aug 23 23:39:58 2005 => Total Objects Scanned: 51949 Tue Aug 23 23:39:58 2005 => Total Virus(es) Found: 58 Tue Aug 23 23:39:58 2005 => Total Errors: 116 hijack: Logfile of HijackThis v1.99.1 Scan saved at 00:02:00, on 24.08.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\WINDOWS\System32\RunDll32.exe C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Programme\Winamp\winampa.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Programme\Messenger\msmsgs.exe C:\Programme\V-Stream\TV878\C7XRCtl.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Outlook Express\msimn.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Programme\Microsoft Office\Office10\WINWORD.EXE C:\Programme\ffdshow\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orf.at/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe O4 - HKLM\..\Run: [PVR Agent] C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dmtmr.exe] C:\WINDOWS\System32\dmtmr.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: TV Remote Control.lnk = C:\Programme\V-Stream\TV878\C7XRCtl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.flexview.de/InstallationsAssistent.ocx O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Ich hoffe dies Informationen helfen, mir bei meinem Problem noch ein bisschen weiterhelfen zu können, Herzlichen Dank schonmals im voraus! |
|
|
||
24.08.2005, 02:42
Member
Beiträge: 4730 |
#4
Zitat mit laufendem ZoneAlarm Pro lassen sich einge Internetseiten nicht öffnen,Ja, dass es Probleme mit ZoneAlarm ist hinlänglich bekannt (alle meine Bekannten hatten damit bisher Probleme). Deinstalliere ZoneAlarm und installiere Dir stattdessen die Sygate-Firewall. Ohje... das sind ja schlimm aus *grusel* Eigentlich wäre hier Formatieren zu empfehlen. Wenn nicht, dann hier weitermachen (keine Garantie, dass wir das hinbekommen): Fixe nochmals mit HJT: O4 - HKLM\..\Run: [dmtmr.exe] C:\WINDOWS\System32\dmtmr.exe Starte den PC im abgesicherten Modus. Jetzt benutzen wir abermals die Killbox (Anwendung wie gehabt): C:\Dokumente und Einstellungen\WinXP\Desktop\internet.lnk C:\WINDOWS\System32\ide21201.vxd C:\WINDOWS\System32\cmd32.exe C:\WINDOWS\System32\csrco.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe C:\WINDOWS\Downloaded Program Files\gdnAT155.exe C:\WINDOWS\System32\finur.dll C:\WINDOWS\System32\gmdzu.dll C:\WINDOWS\System32\gwdry.dll C:\WINDOWS\System32\ntfsnlpa.exe C:\WINDOWS\System32\rdsndin.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdlg32.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rundlg32.dll C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx C:\WINDOWS\Downloaded Program Files\rundlg32.dll C:\WINDOWS\Downloaded Program Files\v3.dll C:\WINDOWS\Downloaded Program Files\webdlg32.dll C:\WINDOWS\system32\finur.dll C:\WINDOWS\system32\gmdzu.dll C:\WINDOWS\system32\gwdry.dll C:\WINDOWS\system32\ntfsnlpa.exe C:\WINDOWS\system32\rdsndin.exe C:\WINDOWS\System32\dmtmr.exe Bitte lokalisiere selbst die folgenden beiden Dateien: boot.exe mediagateway.exe Diese ebenfalls bei Killbox mit einfügen. Lade Dir Ewido und mache damit einen Systemscan (inkl. Säuberung). Berichte von dem Ergebnis. Dann erneutes HJT und bitte nochmals eScan durchlaufen lassen. __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
||
ich komme nicht mehr weiter und hoffe auf Eure Hilfe!
Habe mir einen virus eingefangen, der mein IE toolbar verändert hat (yahho toolbar) und online komme ich nur mehr, wenn ich zone alarm pro abschalte! ausserdem geht die Systemwiederherstellung nicht mehr und beim hochfahren macht mein PC auch Probleme. adaware und symantec antivirus haben nix gefunden, vielleicht könnt Ihr mir weiterhelfen.
logfile von hijack habe ich auch:
Logfile of HijackThis v1.99.1
Scan saved at 00:42:06, on 23.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\V-Stream\TV878\C7XRCtl.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ffdshow\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orf.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orf.at/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.254.43.7:3128
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O2 - BHO: - {4e1a65f2-28f0-4372-832d-312f98395e1a} - C:\WINDOWS\System32\p.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Programme\V-Stream\TV878\C7XRCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mht!http://vxiframe.biz//adverts//096//targ.chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:osuch.mht!http://85.255.113.4/dl/adv659/x.chm::/load.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c10.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://69.50.171.170/traff/1/open.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.flexview.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F44289-70C4-4982-B3DB-E15ADF97C5CD}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB94487C-BD78-46F7-8CAA-0CBA6FC57F09}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: System - {1E71B59D-0995-4B6E-BC78-A9BF5EC5BF21} - C:\WINDOWS\system32\system32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
würde mich über Hilfe sehr sehr freuen, herzlichen Dank
Anton