I've caught a virus

#0
23.08.2005, 01:06
...new here

Posts: 2
#1 Hello everyone,

I'm stuck and hope you can help!

I've caught a virus that changed my IE toolbar (Yahoo toolbar), and I can only get online when I switch off ZoneAlarm Pro! In addition, System Restore no longer works, and my PC also has problems when booting. Ad-Aware and Symantec AntiVirus found nothing; maybe you can help me.

I also have a logfile from HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 00:42:06, on 23.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\V-Stream\TV878\C7XRCtl.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ffdshow\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orf.at/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.orf.at/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.254.43.7:3128
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O2 - BHO: - {4e1a65f2-28f0-4372-832d-312f98395e1a} - C:\WINDOWS\System32\p.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Programme\V-Stream\TV878\C7XRCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://vxiframe.biz//adverts//096//targ.chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:osuch.mht!http://85.255.113.4/dl/adv659/x.chm::/load.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c10.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://69.50.171.170/traff/1/open.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.flexview.de/InstallationsAssistent.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F44289-70C4-4982-B3DB-E15ADF97C5CD}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB94487C-BD78-46F7-8CAA-0CBA6FC57F09}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: System - {1E71B59D-0995-4B6E-BC78-A9BF5EC5BF21} - C:\WINDOWS\system32\system32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I would be very, very glad of any help, many thanks
Anton
23.08.2005, 08:57
Member
Gool

Posts: 4730
#2 @motzpapa
Do you know the saying "if you have no clue ..."?

@mastermix
Download Killbox and unpack it.

Download eScanCheck and, as described on that page, run only the update for now.

Download CCleaner and install it.

Open HijackThis, "scan", tick the boxes, "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://top-find4u.com/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://top-find4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.254.43.7:3128
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O2 - BHO: - {4e1a65f2-28f0-4372-832d-312f98395e1a} - C:\WINDOWS\System32\p.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\qsjre.dll
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://vxiframe.biz//adverts//096//targ.chm::/win32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:osuch.mht!http://85.255.113.4/dl/adv659/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c10.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://69.50.171.170/traff/1/open.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.96.27.199/activex/AxisCamControl.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5F44289-70C4-4982-B3DB-E15ADF97C5CD}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB94487C-BD78-46F7-8CAA-0CBA6FC57F09}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{02F4E052-7E4C-45A8-A006-64ADA30FA788}: NameServer = 69.50.176.158,85.255.112.8
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O21 - SSODL: System - {1E71B59D-0995-4B6E-BC78-A9BF5EC5BF21} - C:\WINDOWS\system32\system32.dll

Boot the PC into safe mode.

Disable System Restore:
Start -> Control Panel -> System -> System Restore

Start Killbox. Enable the "Delete on Reboot" option, paste the following into the input field and confirm by clicking the white cross in the red circle. Only answer Yes to the question whether to reboot now after the last file.

C:\WINDOWS\System32\qsjre.dll
C:\WINDOWS\System32\p.dll
C:\WINDOWS\System32\toolbar.dll
C:\WINDOWS\msopt.dll
C:\WINDOWS\system32\system32.dll

The PC will restart. Boot into safe mode again.
Start CCleaner and use it to remove all temporary files.

Start eScanCheck and run a system scan as described on the page mentioned above. eScan will find the LOP infestation you have caught. Report back to us on the scan.
__________
This is a signature! Personal service: You're from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
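
The fix list in the reply above singles out proxy, DNS (O17), ActiveX download (O16) and missing-file entries by eye. As an added example (not part of the original posts and not the helper's method), the following Python parses HijackThis-format lines and flags those entry classes for review; the sample lines, the function names and the `expected_dns` parameter are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis 1.99.1 line format. Addresses are from the
# documentation ranges and the CLSIDs are placeholders; nothing here is copied
# from the thread's log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.example.org/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.7:3128
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Reader Helper - {00000000-0000-0000-0000-000000000002} - C:\Programme\Reader\helper.ocx
O4 - HKLM\..\Run: [Player] C:\Programme\Player\agent.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://198.51.100.4/dl/load.exe
O16 - DPF: {00000000-0000-0000-0000-000000000004} (Viewer Control) - http://www.example.com/viewers/viewer.cab
O16 - DPF: {00000000-0000-0000-0000-000000000005} - ms-its:mhtml:file://C:x.mht!http://example.net/a.chm::/win32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000006}: NameServer = 203.0.113.8,198.51.100.9
O18 - Protocol: demo - {00000000-0000-0000-0000-000000000007} - C:\WINDOWS\demo.dll (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O17 - HKLM\...: NameServer = ..."
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")


def parse(log_text):
    """Return (code, body) tuples for every R*/O* entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def reasons(code, body, expected_dns=frozenset()):
    """Heuristic review reasons for one entry (assumed rules, not a verdict)."""
    found = []
    # Registration whose target file is gone: leftover of a removed component.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        found.append("orphaned registration: target file absent")
    # A proxy in Internet Settings reroutes all browser traffic.
    if code in ("R0", "R1") and ",ProxyServer = " in body:
        found.append("IE proxy configured")
    if code == "O16":
        source = body.rsplit(" - ", 1)[-1]
        lowered = source.lower()
        if lowered.startswith(("ms-its:", "mhtml:")):
            found.append("ActiveX source uses an ms-its/mhtml wrapper")
        else:
            host = urlsplit(source).hostname
            if host and _is_ip(host):
                found.append("ActiveX fetched from a bare IP address")
        if lowered.endswith(".exe"):
            found.append("ActiveX source is an .exe, not a .cab/.ocx")
    # Statically set resolvers that the admin does not recognise.
    if code == "O17" and "NameServer = " in body:
        servers = [s.strip() for s in body.split("NameServer = ", 1)[1].split(",")]
        unexpected = [s for s in servers if s and s not in expected_dns]
        if unexpected:
            found.append("static DNS not in expected set: " + ", ".join(unexpected))
    return found


def triage(log_text, expected_dns=frozenset()):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        why = reasons(code, body, expected_dns)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}")
        for reason in why:
            print(f"    - {reason}")
```

Passing the resolvers your network actually uses as `expected_dns` suppresses the O17 finding for them; every flagged line still needs a human decision before anything is fixed or deleted.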
24.08.2005, 00:07
...new here

Thread starter

Posts: 2
#3 Many thanks to begin with!

I did everything as you told me, I'm rid of the changed toolbar, and I no longer have problems at system start. So that's already a success!

What still isn't right:

View - Toolbars - Standard Buttons, Address Bar, Links cannot be clicked!

With ZoneAlarm Pro running, some websites cannot be opened; roughly the following text then appears:

0 Transfer-Encoding: chunked Date: Tue, 23 Aug 2005 21:59:19 GMT Server: Apache Last-Modified: Mon, 08 Aug 2005 16:16:31 GMT ETag: "2fc70e-242-5ed4d5c0" Accept-Ranges: bytes --------------: --- Keep-Alive: timeout=10, max=100 Connection: Keep-Alive Content-Type: text/html; charset=ISO-8859-1 Content-Language: de

I hope the following logfiles help:

escan:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Tue Aug 23 23:00:27 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
2: Tue Aug 23 23:00:29 2005 => System found infected with coolwebsearch Spyware/Adware ({0E1230F8-EA50-42A9-983C-D22ABC2EED3B})! Action taken: No Action Taken.
3: Tue Aug 23 23:00:31 2005 => System found infected with isearch Spyware/Adware ({1c78ab3f-a857-482e-80c0-3a1e5238a565})! Action taken: No Action Taken.
4: Tue Aug 23 23:00:32 2005 => System found infected with Media Pass Spyware/Adware ({00ada225-ea6c-4fb3-82e8-68189201ccb9})! Action taken: No Action Taken.
5: Tue Aug 23 23:00:32 2005 => System found infected with Media Pass Spyware/Adware ({15696ae2-6ea4-47f4-bea6-a3d32693efc7})! Action taken: No Action Taken.
6: Tue Aug 23 23:00:33 2005 => System found infected with Windupdates.Media Pass Spyware/Adware ({735c5a0c-f79f-47a1-8ca1-2a2e482662a8})! Action taken: No Action Taken.
7: Tue Aug 23 23:00:33 2005 => System found infected with AdWare.ToolBar.SBSoft.h Spyware/Adware ({08BEC6AA-49FC-4379-3587-4B21E286C19E})! Action taken: No Action Taken.
8: Tue Aug 23 23:00:34 2005 => System found infected with Commonname toolbar Spyware/Adware ({00000000-0000-0000-0000-000000000000})! Action taken: No Action Taken.
9: Tue Aug 23 23:00:37 2005 => System found infected with Bridge Spyware/Adware ({b88a3af1-4f1b-4400-8ffb-3fcb108ce115})! Action taken: No Action Taken.
10: Tue Aug 23 23:00:37 2005 => System found infected with Bridge Spyware/Adware ({c094876d-1b0e-46fa-b6a6-7ffc0f970c27})! Action taken: No Action Taken.
11: Tue Aug 23 23:03:11 2005 => Offending file found: C:\WINDOWS\DOWNLO~1
12: Tue Aug 23 23:03:11 2005 => System found infected with clickspring Spyware/Adware (mediaticketsinstaller.ocx)! Action taken: No Action Taken.
13: Tue Aug 23 23:03:16 2005 => Offending file found: C:\DOKUME~1\WinXP\Desktop\internet.lnk
14: Tue Aug 23 23:03:16 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.
15: Tue Aug 23 23:03:23 2005 => Offending file found: C:\WINDOWS\DOWNLO~1
16: Tue Aug 23 23:03:23 2005 => System found infected with peopleonpage Spyware/Adware (load.exe)! Action taken: No Action Taken.
17: Tue Aug 23 23:03:24 2005 => Offending file found: C:\WINDOWS\DOWNLO~1
18: Tue Aug 23 23:03:24 2005 => System found infected with SearchMiracle.EliteBar Spyware/Adware (v3.dll)! Action taken: No Action Taken.
19: Tue Aug 23 23:03:26 2005 => Offending file found: \boot.exe
20: Tue Aug 23 23:03:26 2005 => System found infected with vx2 Spyware/Adware (boot.exe)! Action taken: No Action Taken.
21: Tue Aug 23 23:03:27 2005 => Offending file found: C:\WINDOWS\System32\ide21201.vxd
22: Tue Aug 23 23:03:27 2005 => System found infected with windupdate Spyware/Adware (ide21201.vxd)! Action taken: No Action Taken.
23: Tue Aug 23 23:03:31 2005 => Offending file found: C:\WINDOWS\DOWNLO~1
24: Tue Aug 23 23:03:31 2005 => System found infected with SubmitHook Spyware/Adware (rundlg32.dll)! Action taken: No Action Taken.
25: Tue Aug 23 23:03:31 2005 => Offending file found: C:\WINDOWS\DOWNLO~1
26: Tue Aug 23 23:03:31 2005 => System found infected with SubmitHook Spyware/Adware (webdlg32.dll)! Action taken: No Action Taken.
27: Tue Aug 23 23:03:33 2005 => System found infected with Media Access Spyware/Adware (mediagateway.exe)! Action taken: No Action Taken.
28: Tue Aug 23 23:10:57 2005 => File C:\WINDOWS\System32\cmd32.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
29: Tue Aug 23 23:11:01 2005 => File C:\WINDOWS\System32\csrco.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
30: Tue Aug 23 23:16:23 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-322.dll infected by "Trojan-Spy.Win32.Banker.aaf" Virus! Action Taken: No Action Taken.
31: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093059-685.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
32: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe infected by "Trojan-Downloader.Win32.Small.bit" Virus! Action Taken: No Action Taken.
33: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\gdnAT155.exe infected by "Trojan.Win32.Dialer.ay" Virus! Action Taken: No Action Taken.
34: Tue Aug 23 23:34:14 2005 => File C:\WINDOWS\system32\cmd32.exe infected by "Trojan-Downloader.Win32.Delf.cb" Virus! Action Taken: No Action Taken.
35: Tue Aug 23 23:34:20 2005 => File C:\WINDOWS\system32\csrco.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Tue Aug 23 23:11:16 2005 => File C:\WINDOWS\System32\finur.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
2: Tue Aug 23 23:11:18 2005 => File C:\WINDOWS\System32\gmdzu.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
3: Tue Aug 23 23:11:19 2005 => File C:\WINDOWS\System32\gwdry.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
4: Tue Aug 23 23:12:06 2005 => File C:\WINDOWS\System32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
5: Tue Aug 23 23:12:29 2005 => File C:\WINDOWS\System32\rdsndin.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.
6: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-487.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
7: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093058-443.dll tagged as "not-a-virus:AdWare.WinAD.j". Action Taken: No Action Taken.
8: Tue Aug 23 23:16:24 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-093058-835.dll tagged as "not-a-virus:AdWare.WinAD.bg". Action Taken: No Action Taken.
9: Tue Aug 23 23:16:25 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-103712-405.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
10: Tue Aug 23 23:16:25 2005 => File C:\Programme\ffdshow\hijack\backups\backup-20050823-214756-392.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
11: Tue Aug 23 23:28:54 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken.
12: Tue Aug 23 23:28:54 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.g". Action Taken: No Action Taken.
13: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken.
14: Tue Aug 23 23:28:55 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken.
15: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx tagged as "not-a-virus:AdWare.MediaTickets.f". Action Taken: No Action Taken.
16: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\rundlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.f". Action Taken: No Action Taken.
17: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\v3.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.s". Action Taken: No Action Taken.
18: Tue Aug 23 23:28:56 2005 => File C:\WINDOWS\Downloaded Program Files\webdlg32.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.g". Action Taken: No Action Taken.
19: Tue Aug 23 23:37:29 2005 => File C:\WINDOWS\system32\finur.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
20: Tue Aug 23 23:37:30 2005 => File C:\WINDOWS\system32\gmdzu.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
21: Tue Aug 23 23:37:31 2005 => File C:\WINDOWS\system32\gwdry.dll tagged as "not-a-virus:AdWare.ToolBar.SBSoft.h". Action Taken: No Action Taken.
22: Tue Aug 23 23:38:14 2005 => File C:\WINDOWS\system32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
23: Tue Aug 23 23:38:42 2005 => File C:\WINDOWS\system32\rdsndin.exe tagged as "not-a-virus:AdWare.FindSpy.a". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Tue Aug 23 23:00:20 2005 => ERROR!!! Invalid Entry \??\D:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
2: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll". Action Taken: No Action Taken.
3: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.
4: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll". Action Taken: No Action Taken.
5: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\d_loader.exe". Action Taken: No Action Taken.
6: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\InstallationsAssistent.ocx". Action Taken: No Action Taken.
7: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
8: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\StarInstall.ocx". Action Taken: No Action Taken.
9: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll". Action Taken: No Action Taken.
10: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\xscan53.ocx". Action Taken: No Action Taken.
11: Tue Aug 23 23:03:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\toolbar.dll". Action Taken: No Action Taken.
12: Tue Aug 23 23:03:51 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken.
13: Tue Aug 23 23:04:00 2005 => Entry "HKCR\CLSID\{567DB2D4-9B01-4EBF-9FFA-543491BF3379}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
14: Tue Aug 23 23:04:02 2005 => Entry "HKCR\CLSID\{6E5526E3-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
15: Tue Aug 23 23:04:02 2005 => Entry "HKCR\CLSID\{6E5526E4-4B91-11d4-876F-005004BCDA99}" refers to invalid object "D:\PJStream.dll". Action Taken: No Action Taken.
16: Tue Aug 23 23:04:06 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
17: Tue Aug 23 23:04:07 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
18: Tue Aug 23 23:04:12 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
19: Tue Aug 23 23:04:14 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
20: Tue Aug 23 23:04:15 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
21: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{015ADC1F-CABC-4D20-9331-C27955A1A040}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
22: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{038D2262-E79F-4D6F-AAD9-F2408A13EAB3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
23: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{052A1D0F-E9FF-4F9A-BC58-A9E77A86F6F7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
24: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{09EE5B94-51D7-437D-8982-256B76A3A3C7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
25: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{0B37BB6F-83F6-47FB-B153-1D56751C9B37}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
26: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{10CDD085-7D09-4205-B2BA-91048424BE12}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
27: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{110FA82F-DB6C-3C24-8929-60961D10C56E}" refers to invalid object "C:\WINDOWS\System32\kphaf.dll". Action Taken: No Action Taken.
28: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{13D4BDB8-91A4-46D7-BA99-F59E5B53D833}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
29: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{14EF771B-491F-4078-A593-F5596EC2D387}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
30: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}" refers to invalid object "C:\Program Files\Media Gateway\MediaGateway.exe". Action Taken: No Action Taken.
31: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{17FC562C-9FE1-4288-9E01-8A09C7CE83D3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
32: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{1AC9A5B4-A075-44E8-8E8B-AB286EC04FFA}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
33: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{2024EC7E-BCE1-4357-88C9-11799FCE43CB}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
34: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{26531A0D-A62E-4C19-AC0A-F3E8CB0EEE67}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
35: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{268A9E16-32FE-47E0-B5C2-5249232FE15F}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
36: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{2F684D25-6D82-4751-8E8C-D0569CE2DE57}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
37: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{30197703-F685-48A2-9157-7C96D0D49C82}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
38: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{32472C54-19A9-49A0-BDCE-E335AD7D83B4}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
39: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{39FDBD2C-3F8C-4D58-80D4-24DA6BF8AC77}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
40: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{3B698628-3F74-4970-8182-3B29DBC28039}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
41: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{3FAED731-3772-4CC8-ACEE-3056616FB9CF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
42: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{45AE2A1A-492A-44FB-8F20-6F2E069683F1}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
43: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{45E60C84-8E1F-47B8-A027-93B4BCDAE05D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
44: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{474202FD-41B0-4E9D-91D8-831870D8B4AA}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
45: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{492119D6-AA0A-4566-9DEF-0B01D1C23785}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
46: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{4938B29D-48E7-4044-A93C-9D6708F2F821}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
47: Tue Aug 23 23:04:16 2005 => Entry "HKCR\TypeLib\{4BCD20EC-51F1-4746-8CAF-8F5A713B43D3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
48: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{52B6F9D5-A042-4ADB-8F6F-D5C3899F4CCF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
49: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5713F0BD-2757-432F-9A93-6366C81F437B}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
50: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{59C9C6D3-0809-4217-86F6-2706742ACEAC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
51: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5C4EE682-6B32-4DB4-A90B-D36C31B52153}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
52: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{5EC78C7B-BE8C-4CB9-B547-E06EECEC329A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
53: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{663DBFBD-9287-4291-804D-2BC41DDF1737}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
54: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6CAD4F8F-3830-45B3-B13E-5973E0C306CB}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
55: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6D243138-DD75-4C8B-AA23-F14EA70A9206}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
56: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{6DD8F112-F31D-46B4-8E15-7D38EA4F9FD6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
57: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{706EA865-5E2D-41BF-B63A-366BCDEE011D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
58: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{714A0837-CBA6-474E-BCBC-DEBBA6129790}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
59: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{72D43B21-776B-4BFE-B144-9CBA142F4731}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
60: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{737ED547-E1FD-4B6E-B3DC-7B6BDF5DD5E6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
61: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7928BCE2-94CC-4504-9F28-1E60E3966957}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
62: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{79530433-4CF0-4FE5-A596-CAE0010AFEAC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
63: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7BD423C2-AF19-4380-9D5A-E6A0EB2E488A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
64: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7C62C966-FE96-493C-9AD9-3FE2D3250E1C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
65: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7D0D356C-3494-4A41-A107-B2305E52B6D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
66: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7ED10132-EDFD-4A7A-892F-2BCC17EDE4AE}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
67: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{7FB373C8-8D47-4AC8-886A-C729F568D2A3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\PPT8.0\ShockwaveFlashObjects.exd". Action Taken: No Action Taken.
68: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{80C08007-8775-4A70-94E9-7A728EA5253C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
69: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{82B5A577-4325-4EB9-9242-A4D8690ADD85}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
70: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{887B09FC-6A4C-409E-944B-ACF20162337D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
71: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8889E5E8-6DC3-4C09-9FE9-340C497F67D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
72: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8959FF12-54B4-4357-89EB-AE5135FBCC1E}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
73: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{896A64B6-2BEE-4843-95E2-3FE300FF64F6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
74: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{8BD01577-B63A-4C4E-B4FB-3723837A0D1C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
75: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{914DC167-6442-494C-B856-28BD35772BE8}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
76: Tue Aug 23 23:04:17 2005 => Entry "HKCR\TypeLib\{917623C2-D8E5-11D2-BE8B-00104B06BDE3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.
77: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{A18F8456-5368-4B8A-BA6E-5F2FA2CB33A8}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
78: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{A93A3860-C697-41F1-BE66-CED1B3BED2F9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
79: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{ABB416FC-E173-4DD3-A193-68B99F7DA2D6}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
80: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{AC6DB17B-2212-4B6F-A587-4C00BF29DE90}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
81: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B0864203-BA62-4A7A-830B-0B4EF616D616}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
82: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B73019CA-B815-4493-B0BD-1A4B25942F03}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
83: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{B9AF9AEC-0704-4B38-9CB9-D32C2B50F929}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
84: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{BEDCDBC8-C8B6-43B1-AB18-8F3F382595B3}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
85: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C0030B93-F33D-4D54-BF7D-73F15CB9B05A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
86: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C094876D-1B0E-46FA-B6A6-7FFC0F970C27}" refers to invalid object "C:\WINDOWS\System32\jao.dll". Action Taken: No Action Taken.
87: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C0DEB12B-5445-4F95-9BB5-A9742C21744A}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
88: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{C3E949D5-14FF-453E-9A53-53B5216105D7}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
89: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CA997DF9-E482-4466-8201-E826BAD5E0D9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
90: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CCE64F31-229C-470F-948D-AF8B129491B9}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\Word8.0\MARQUEELib.exd". Action Taken: No Action Taken.
91: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{CEF76CA3-6776-46FB-81BE-653006D12481}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
92: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D20E6974-A4DE-4EE1-9D1A-A5A3197E0FA0}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
93: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D7DC3E06-6F08-4BD8-B8A7-CD25AFA624A0}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
94: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{D9F1EFB2-FEF9-4B2A-8538-86A2D937E733}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
95: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{DE4D88C9-2013-4206-A2F2-3981CCAFE29C}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
96: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{E6F5FD73-B1A1-432D-8DF6-FBED71A2EB8D}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
97: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{ECA58E33-42E3-4000-BDA6-CF556CA959BF}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
98: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{EDDD0933-6D13-4920-B566-D99B00A15D42}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
99: Tue Aug 23 23:04:18 2005 => Entry "HKCR\TypeLib\{F326DD94-705E-4797-A632-F360F76E7629}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
100: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{F57B25DE-1945-4BE1-8B3D-A1065F8B31A9}" refers to invalid object "D:\player\WMMP.EXE". Action Taken: No Action Taken.
101: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{F7BBFD79-8F22-4EC6-B065-9D1C0FCA72BD}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
102: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{FCBE6891-BD8C-44BD-B2E2-2D3DEE84B4DC}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
103: Tue Aug 23 23:04:19 2005 => Entry "HKCR\TypeLib\{FD924786-99D7-47D8-8B54-ED2597346C21}" refers to invalid object "C:\DOKUME~1\WinXP\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
104: Tue Aug 23 23:04:19 2005 => Entry "HKCR\.aut" refers to invalid object "iPIX.ipsfiles.1". Action Taken: No Action Taken.
105: Tue Aug 23 23:04:19 2005 => Entry "HKCR\.bub" refers to invalid object "iPIX.ipxfiles.1". Action Taken: No Action Taken.
106: Tue Aug 23 23:04:20 2005 => Entry "HKCR\.ips" refers to invalid object "iPIX.ipsfiles.1". Action Taken: No Action Taken.
107: Tue Aug 23 23:04:20 2005 => Entry "HKCR\.ipx" refers to invalid object "iPIX.ipxfiles.1". Action Taken: No Action Taken.
108: Tue Aug 23 23:04:21 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
109: Tue Aug 23 23:04:23 2005 => Entry "HKCR\ATLCamImage.PropertyPage1" refers to invalid object "{CA42B92C-4FE8-11D3-9A4C-009027665B0F}". Action Taken: No Action Taken.
110: Tue Aug 23 23:04:23 2005 => Entry "HKCR\ATLCamImage.PropertyPage1.1" refers to invalid object "{CA42B92C-4FE8-11D3-9A4C-009027665B0F}". Action Taken: No Action Taken.
111: Tue Aug 23 23:04:33 2005 => Entry "HKCR\Jao.jao" refers to invalid object "{80BB7465-A638-43B5-9827-8E8FE38DFCC1}". Action Taken: No Action Taken.
112: Tue Aug 23 23:04:33 2005 => Entry "HKCR\Jao.jao.1" refers to invalid object "{80BB7465-A638-43B5-9827-8E8FE38DFCC1}". Action Taken: No Action Taken.
113: Tue Aug 23 23:04:34 2005 => Entry "HKCR\MediaGateway.Installer" refers to invalid object "{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}". Action Taken: No Action Taken.
114: Tue Aug 23 23:13:08 2005 => Result: ERROR!!! File C:\DOKUME~1\WinXP\LOKALE~1\TEMPOR~1\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm: Scanning Failure!!!
115: Tue Aug 23 23:13:08 2005 => ERROR!!! ScanFile fails for C:\DOKUME~1\WinXP\LOKALE~1\TEMPOR~1\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm
116: Tue Aug 23 23:15:24 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\WinXP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm: Scanning Failure!!!
117: Tue Aug 23 23:15:24 2005 => ERROR!!! ScanFile fails for C:\Dokumente und Einstellungen\WinXP\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6YZIJTUD\0X6JCPMB\google[1].htm
118: Tue Aug 23 23:39:32 2005 => ERROR!!! FindFirstFile For E:\*.* Failed!!! Reason is Auf dem Datenträger befindet sich kein erkanntes Dateisystem.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\System32\cmd32.exe => Trojan-Downloader.Win32.Delf.cb
2: C:\WINDOWS\System32\csrco.exe => Trojan-Dropper.Win32.Vidro.u
3: C:\Programme\ffdshow\hijack\backups\backup-20050823-093057-322.dll => Trojan-Spy.Win32.Banker.aaf
4: C:\Programme\ffdshow\hijack\backups\backup-20050823-093059-685.dll => Trojan-Downloader.Win32.IstBar.gen
5: C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe => Trojan-Downloader.Win32.Small.bit
6: C:\WINDOWS\Downloaded Program Files\gdnAT155.exe => Trojan.Win32.Dialer.ay
7: C:\WINDOWS\system32\cmd32.exe => Trojan-Downloader.Win32.Delf.cb
8: C:\WINDOWS\system32\csrco.exe => Trojan-Dropper.Win32.Vidro.u

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Tue Aug 23 23:39:32 2005 => Total Objects Scanned: 51949
Tue Aug 23 23:39:32 2005 => Total Virus(es) Found: 58
Tue Aug 23 23:39:32 2005 => Total Errors: 116
Tue Aug 23 23:39:32 2005 => Virus Database Date: 2005/08/23
Tue Aug 23 23:39:32 2005 => Virus Database Count: 145176
Tue Aug 23 23:39:58 2005 => Total Objects Scanned: 51949
Tue Aug 23 23:39:58 2005 => Total Virus(es) Found: 58
Tue Aug 23 23:39:58 2005 => Total Errors: 116

hijack:

Logfile of HijackThis v1.99.1
Scan saved at 00:02:00, on 24.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\V-Stream\TV878\C7XRCtl.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\ffdshow\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orf.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Programme\V-Stream\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead Photo Express 5 SE Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmtmr.exe] C:\WINDOWS\System32\dmtmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Programme\V-Stream\TV878\C7XRCtl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.flexview.de/InstallationsAssistent.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Programme\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope this information helps you help me a bit further with my problem. Many thanks in advance!
24.08.2005, 02:42
Member
Gool

Posts: 4730
#4

Quote

with ZoneAlarm Pro running, some websites cannot be opened,
Yes, it is well known that there are problems with ZoneAlarm (all my acquaintances have had problems with it so far). Uninstall ZoneAlarm and install the Sygate firewall instead.

Oh dear... that looks bad *shudder*
Really, formatting would be the recommendation here. If not, then continue here (no guarantee that we'll manage it):

Fix again with HJT:
O4 - HKLM\..\Run: [dmtmr.exe] C:\WINDOWS\System32\dmtmr.exe

Start the PC in safe mode.

Now we use Killbox once more (same usage as before):
C:\Dokumente und Einstellungen\WinXP\Desktop\internet.lnk
C:\WINDOWS\System32\ide21201.vxd
C:\WINDOWS\System32\cmd32.exe
C:\WINDOWS\System32\csrco.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\load.exe
C:\WINDOWS\Downloaded Program Files\gdnAT155.exe
C:\WINDOWS\System32\finur.dll
C:\WINDOWS\System32\gmdzu.dll
C:\WINDOWS\System32\gwdry.dll
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\rdsndin.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\webdlg32.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\WINDOWS\Downloaded Program Files\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\v3.dll
C:\WINDOWS\Downloaded Program Files\webdlg32.dll
C:\WINDOWS\system32\finur.dll
C:\WINDOWS\system32\gmdzu.dll
C:\WINDOWS\system32\gwdry.dll
C:\WINDOWS\system32\ntfsnlpa.exe
C:\WINDOWS\system32\rdsndin.exe
C:\WINDOWS\System32\dmtmr.exe

Please locate the following two files yourself:
boot.exe
mediagateway.exe

Add these to Killbox as well.

Download Ewido and run a system scan with it (including cleanup). Report the result.

Then HJT again, and please run eScan once more.
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; perhaps we can arrange an appointment.
Der Grabsteinschubser
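
The reply above fixes the O4 autorun entry in HijackThis before the files are deleted, and its removal list repeats paths that differ only in case. The following Python sketch is an added example, not part of the original thread or of HijackThis: it cross-checks HijackThis entries against a removal list. The function names and reason strings are assumptions made for illustration, and the sample data are excerpts of the logs posted above.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the page).
HJT_LOG = r"""
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dmtmr.exe] C:\WINDOWS\System32\dmtmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Excerpt of the removal list from the reply (note the case-only duplicates).
REMOVAL_LIST = r"""
C:\WINDOWS\System32\cmd32.exe
C:\WINDOWS\System32\csrco.exe
C:\WINDOWS\system32\cmd32.exe
C:\WINDOWS\system32\csrco.exe
C:\WINDOWS\System32\dmtmr.exe
"""

# "O4 - <body>", "R0 - <body>", "O23 - <body>" ...
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First absolute Windows path ending in a loadable-file extension.
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl|vxd)\b", re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def removal_set(text):
    """Collapse the removal list to unique, normalized paths."""
    return {norm(line) for line in text.splitlines() if line.strip()}


def parse_hjt(text):
    """Yield (code, body) for each HijackThis entry line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(hjt_text, removal_text):
    """Return findings as (code, reason, body) tuples, in log order."""
    doomed = removal_set(removal_text)
    findings = []
    for code, body in parse_hjt(hjt_text):
        if code in ("O2", "O3") and body.endswith("(no file)"):
            # Registry entry survives although its file is gone.
            findings.append((code, "orphaned registration", body))
        elif code == "O4":
            m = WIN_PATH.search(body)
            if m and norm(m.group(0)) in doomed:
                # Fix this entry before deleting the file, otherwise the
                # Run key keeps pointing at a missing binary.
                findings.append((code, "autorun targets file on removal list", body))
    return findings


if __name__ == "__main__":
    print(len(removal_set(REMOVAL_LIST)), "unique files on the removal list")
    for code, reason, body in triage(HJT_LOG, REMOVAL_LIST):
        print(f"{code}: {reason}: {body}")
```
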