Log analysis and evaluation: Please analyse log file. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.06.2005, 08:14 | #1
Please analyse log file

Hello. I have the problem that I always used the site "***.hijackthis.de" for log file evaluation, but now I can no longer get the page to open. Instead I am offered a file download... I had caught several infected files, which I removed with NAV 2005, Ad-Aware SE, The Cleaner and SpyBot. Still, the problem described above persists... Can anyone help me? Katsche

Logfile of HijackThis v1.99.1
Scan saved at 09:09:01, on 07.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Norton AntiVirus\navapsvc.exe
D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
D:\Programme\NoPopUp 2003\nopopup.exe
D:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programme\WallMaster\wallmast.exe
C:\WINDOWS\System32\svchost.exe
d:\Programme\The Cleaner\tca.exe
d:\Programme\The Cleaner\tcm.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programme\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [AWMON] "D:\Programme\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [WinampAgent] d:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ugjfleydgsfoc] C:\WINDOWS\system32\eyzeoj.exe
O4 - HKCU\..\Run: [NoPopUp] D:\Programme\NoPopUp 2003\nopopup.exe /autorun
O4 - HKCU\..\Run: [SpySweeper] d:\Programme\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Ohmwolnt] C:\WINDOWS\system32\??chost.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WallMaster.lnk = D:\Programme\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - D:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
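Added example (not part of the thread and not HijackThis' own code): a small Python triage script that applies a few of the checks a log reader performs by hand on a HijackThis log like the one above. It flags Run entries whose file name contains characters HijackThis could not print (the `??chost.exe` entry), Run entries that start an unfamiliar binary from the system folder (`eyzeoj.exe`), O16 ActiveX downloads from an external host, and services with no vendor recorded. The sample lines are copied from the log; the allow-list of verified system-folder autostarts and the severity labels are assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Constructed sample: entries copied from the HijackThis log above, including
# the benign Nero entry, so the checks below have both hits and non-hits.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ugjfleydgsfoc] C:\WINDOWS\system32\eyzeoj.exe
O4 - HKCU\..\Run: [Ohmwolnt] C:\WINDOWS\system32\??chost.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.m7z.net/qtinstall.in...lInstaller.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
"""

# Assumed allow-list: system-folder autostarts the analyst has already verified
# (NeroCheck.exe is Nero's own check, per the value name in the log).
KNOWN_SYSTEM_AUTOSTARTS = {"nerocheck.exe"}

O4_RUN = re.compile(r"^O4 - (?P<location>.+?): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
O16_DPF = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \([^)]*\))? - (?P<url>\S+)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SYSTEM_DIR = re.compile(r"\\(windows|winnt)\\system32$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    section: str   # HijackThis section tag, e.g. "O4"
    detail: str
    line: str


def exe_path(cmd: str) -> str:
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str, allow=KNOWN_SYSTEM_AUTOSTARTS) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RUN.match(line):
            path = exe_path(m["cmd"])
            name = ntpath.basename(path)
            if "?" in name:
                # HijackThis prints "?" for characters it cannot render; a Run
                # value such as ??chost.exe is shaped to pass as svchost.exe.
                findings.append(Finding("high", "O4",
                                        f"non-printable characters in file name {name!r}", line))
            elif SYSTEM_DIR.search(ntpath.dirname(path).lower()) and name.lower() not in allow:
                findings.append(Finding("medium", "O4",
                                        f"unfamiliar autostart from the system folder: {path}", line))
        elif m := O16_DPF.match(line):
            host = urlsplit(m["url"]).hostname
            findings.append(Finding("medium", "O16",
                                    f"ActiveX control downloaded from {host}; verify the publisher", line))
        elif m := O23_SVC.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("info", "O23",
                                        f"service {m['name']!r} has no vendor recorded; confirm its binary", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

Run on the sample, the script reports the two suspicious Run entries, the O16 download host and the ATI service, and stays silent on the Symantec, SoundMAX and Nero entries; the system-folder check deliberately needs an allow-list, because legitimate vendors also drop autostarts there.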
07.06.2005, 08:41 | #2
Hello katsche,

please deactivate all links in your log file (e.g. like "h..p"). Download clearprog, run a disk clean-up (tick "delete everything" and click "delete") and empty the quarantine folder of your antivirus program as well as those of Ad-Aware and Spybot. Furthermore, run eScan and follow the instructions exactly. Post the result. Fix the following entry:

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h..p://appldnld.m7z.net/qtinstall.i...llInstaller.exe

In future, use an alternative browser for surfing, e.g. Firefox; then you will no longer need this: D:\Programme\NoPopUp 2003\nopopup.exe

dartus
07.06.2005, 12:40 | #3
I had to shorten the log file a lot... I hope I haven't deleted anything important...

Tue Jun 07 11:05:16 2005 => **********************************************************
Tue Jun 07 11:05:16 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Tue Jun 07 11:05:16 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Jun 07 11:05:16 2005 => **********************************************************
Tue Jun 07 11:05:16 2005 => Version 6.4.1 (C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\mwavscan.com)
Tue Jun 07 11:05:16 2005 => Log File: C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\MWAV.LOG
Tue Jun 07 11:05:16 2005 => MWAV Registered: FALSE.
Tue Jun 07 11:05:16 2005 => MWAV Mode: Only Scan files.
Tue Jun 07 11:05:16 2005 => Latest Date of files inside MWAV: 06 Jun 2005 14:07:13.
Tue Jun 07 11:05:19 2005 => AV Library Loaded...
Tue Jun 07 11:05:19 2005 => MWAV doing self scanning...
Tue Jun 07 11:05:19 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\kavss.exe
Tue Jun 07 11:05:19 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\Getvlist.exe
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\kavss.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\kavssdi.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\kavssi.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\kavvlg.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\msvlclnt.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\ipc.dll
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\main.avi
Tue Jun 07 11:05:20 2005 => Scanning File C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\virus.avi
Tue Jun 07 11:05:20 2005 => MWAV files are clean.
Tue Jun 07 11:05:23 2005 => Virus Database Date: 2005/06/06
Tue Jun 07 11:05:23 2005 => Virus Database Count: 133635
Tue Jun 07 11:05:34 2005 => Generating Virus List...
getvlist.exe C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\vlist.txt
Tue Jun 07 11:05:45 2005 => **********************************************************
Tue Jun 07 11:05:45 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Tue Jun 07 11:05:45 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Jun 07 11:05:45 2005 =>
Tue Jun 07 11:05:45 2005 => Support: support*at*mwti.net
Tue Jun 07 11:05:45 2005 => Web:h**p://www.mwti.net
Tue Jun 07 11:05:45 2005 => **********************************************************
Tue Jun 07 11:05:45 2005 => Version 6.4.1 (C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\mwavscan.com)
Tue Jun 07 11:05:45 2005 => Log File: C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\MWAV.LOG
Tue Jun 07 11:05:45 2005 => User Account:
Tue Jun 07 11:05:45 2005 => Windows Root Folder: C:\WINDOWS
Tue Jun 07 11:05:45 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue Jun 07 11:05:45 2005 => OS: Windows NT
Tue Jun 07 11:05:45 2005 => Latest Date of files inside MWAV: 06 Jun 2005 14:07:13.
Tue Jun 07 11:05:45 2005 => Options Selected by User:
Tue Jun 07 11:05:45 2005 => Memory Check: Enabled
Tue Jun 07 11:05:45 2005 => Registry Check: Enabled
Tue Jun 07 11:05:45 2005 => StartUp Folder Check: Enabled
Tue Jun 07 11:05:45 2005 => System Folder Check: Enabled
Tue Jun 07 11:05:45 2005 => System Area Check: Disabled
Tue Jun 07 11:05:45 2005 => Services Check: Enabled
Tue Jun 07 11:05:45 2005 => Drive Check Option Disabled
Tue Jun 07 11:05:45 2005 => Folder Check: Disabled
Tue Jun 07 11:05:45 2005 => ***** Scanning Memory Files *****
Tue Jun 07 11:06:09 2005 => Scanning File C:\WINDOWS\System32\extmgr.dll
Tue Jun 07 11:06:09 2005 => Scanning File d:\Programme\Real\RealPlayer\rpshell.dll
Tue Jun 07 11:06:09 2005 => ERROR!!! Invalid Entry {F969555F-1ABF-4DFE-A52A-ADF41C1E2E44} = C:\WINDOWS\system32\Q3558984.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Tue Jun 07 11:06:09 2005 => ERROR!!! Invalid Entry {BA0ED65F-322F-44C4-A62C-97FAAB78E444} = C:\WINDOWS\system32\Q3558984.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Tue Jun 07 11:06:09 2005 => ERROR!!! Invalid Entry {7C37DDA0-A47C-4BE4-B6A6-8F4F00D42A56} = C:\WINDOWS\system32\Q3558984.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Tue Jun 07 11:06:11 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 07 11:06:11 2005 => ERROR!!! Invalid Entry NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:11 2005 => Scanning File C:\PROGRA~1\ANALOG~1\SoundMAX\SMax4PNP.exe
Tue Jun 07 11:06:11 2005 => Scanning File C:\PROGRA~1\ANALOG~1\SoundMAX\Smax4.exe
Tue Jun 07 11:06:11 2005 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Tue Jun 07 11:06:11 2005 => Scanning File c:\windows\system32\mobsync.exe
Tue Jun 07 11:06:11 2005 => ERROR!!! Invalid Entry Logitech Utility = Logi_MwX.Exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:11 2005 => ERROR!!! Invalid Entry PivotSoftware = "C:\Programme\WinPortrait\wpctrl.exe" (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:11 2005 => Scanning File D:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
Tue Jun 07 11:06:12 2005 => Scanning File d:\Programme\Winamp\winampa.exe
Tue Jun 07 11:06:12 2005 => ERROR!!! Invalid Entry Advanced Tools Check = D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:12 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccApp.exe
Tue Jun 07 11:06:12 2005 => ERROR!!! Invalid Entry ugjfleydgsfoc = C:\WINDOWS\system32\eyzeoj.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:12 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 07 11:06:12 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 07 11:06:12 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 07 11:06:12 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
Tue Jun 07 11:06:12 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 07 11:06:12 2005 => Scanning File D:\PROGRA~1\NOPOPU~1\nopopup.exe
Tue Jun 07 11:06:12 2005 => ERROR!!! Invalid Entry SpySweeper = d:\Programme\Webroot\Spy Sweeper\SpySweeper.exe /0 (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:12 2005 => ERROR!!! Invalid Entry Ohmwolnt = C:\WINDOWS\system32\??chost.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:06:13 2005 => ***** Scanning Service Files *****
Tue Jun 07 11:51:53 2005 => File C:\WINDOWS\SYSTEM32\MSFTCPIP.SYS infected by "Trojan-Spy.Win32.Goldun.aw" Virus! Action Taken: No Action Taken.
Tue Jun 07 11:51:55 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Tue Jun 07 11:51:55 2005 => Scanning File c:\windows\system32\JAVASUP.VXD
Tue Jun 07 11:51:55 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Tue Jun 07 11:51:56 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Tue Jun 07 11:51:56 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 07 11:51:59 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\power scan !!!
Tue Jun 07 11:51:59 2005 => Object "Power scan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 07 11:52:01 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Tue Jun 07 11:52:01 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 07 11:52:09 2005 => System found infected with Gator Spyware/Adware (HDPlugin1019.dll)! Action taken: No Action Taken.
Tue Jun 07 11:52:09 2005 => Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\v2.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\objsafe.tlb". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\Adobe\Acrobat 6.0\Reader\atl.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\PMAdobeIndex.url". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\drivers\Cdr4_2K.sys". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\dummy.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\wocdavlc.cfg". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\loc0c01\winoncd.loc". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\loc0a01\winoncd.loc". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\loc1001\winoncd.loc". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\internet\RECORDER.URL". Action Taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "D:\Programme\IMAGES\blank.vob". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\closedbgout.exe". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\FRANKJ~1\LOKALE~1\Temp\enableirsocketutil.exe". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\objsafe.tlb". Action Taken: No Action Taken.
Tue Jun 07 11:52:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\internazionale_ver10.ocx". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ysbactivex.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Real\GToolbar\BarControl.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:13 2005 => Entry "HKCR\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\DAO\dao350.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:14 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:14 2005 => Entry "HKCR\CLSID\{0C5B0CED-206B-4c39-B615-0EB23C824612}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\AIIcon.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:15 2005 => Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Tue Jun 07 11:52:17 2005 => Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Tue Jun 07 11:52:17 2005 => Entry "HKCR\CLSID\{7C37DDA0-A47C-4BE4-B6A6-8F4F00D42A56}" refers to invalid object "C:\WINDOWS\system32\Q3558984.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:17 2005 => Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Tue Jun 07 11:52:17 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:17 2005 => Entry "HKCR\CLSID\{86DCFA5A-DED3-4202-ADDC-93852FCF4DE6}" refers to invalid object "f:\Corel\Graphics12\ProgramsD\CorelDrw.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:18 2005 => Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Tue Jun 07 11:52:18 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Tue Jun 07 11:52:19 2005 => Entry "HKCR\CLSID\{BA0ED65F-322F-44C4-A62C-97FAAB78E444}" refers to invalid object "C:\WINDOWS\system32\Q3558984.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:19 2005 => Entry "HKCR\CLSID\{BC54B24C-5A97-4C19-9181-8B8A05B2E931}" refers to invalid object "C:\WINDOWS\system32\nsf3C.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:19 2005 => Entry "HKCR\CLSID\{BD9584EF-C28C-4F6D-8D49-0CEE3C0E442F}" refers to invalid object "C:\WINDOWS\system32\nsf3C.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:19 2005 => Entry "HKCR\CLSID\{C7888681-1A83-4C14-B9A5-95F91240B44F}" refers to invalid object "C:\WINDOWS\system32\nsf3C.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:20 2005 => Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object "ADMWPROX.DLL". Action Taken: No Action Taken.
Tue Jun 07 11:52:20 2005 => Entry "HKCR\CLSID\{F969555F-1ABF-4DFE-A52A-ADF41C1E2E44}" refers to invalid object "C:\WINDOWS\system32\Q3558984.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:21 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Tue Jun 07 11:52:21 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Tue Jun 07 11:52:21 2005 => Entry "HKCR\btnetw.ohb" refers to invalid object "{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}". Action Taken: No Action Taken.
Tue Jun 07 11:52:21 2005 => Entry "HKCR\btnetw.ohb.1" refers to invalid object "{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}". Action Taken: No Action Taken.
Tue Jun 07 11:52:21 2005 => Entry "HKCR\ComCtl2.Filter.1" refers to invalid object "{4187FABF-2189-4D72-64C9-5846E1436D68}". Action Taken: No Action Taken.
Tue Jun 07 11:52:22 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Tue Jun 07 11:52:22 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Tue Jun 07 11:52:22 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Tue Jun 07 11:52:22 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Tue Jun 07 11:52:22 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Tue Jun 07 11:52:24 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Tue Jun 07 11:52:25 2005 => ***** Scanning System32 Folders *****
Tue Jun 07 11:52:25 2005 => Scanning C:\WINDOWS Directory
Tue Jun 07 11:52:25 2005 => Scanning Folder: C:\WINDOWS\*.*
Tue Jun 07 11:52:25 2005 => Scanning File C:\WINDOWS\24106.exe
Tue Jun 07 11:52:25 2005 => File C:\WINDOWS\24106.exe infected by "Trojan.Win32.Dialer.gt" Virus! Action Taken: No Action Taken.
Tue Jun 07 11:53:51 2005 => ***** Scanning complete. *****
Tue Jun 07 11:53:51 2005 => Total Objects Scanned: 14856
Tue Jun 07 11:53:51 2005 => Total Virus(es) Found: 6
Tue Jun 07 11:53:51 2005 => Total Disinfected Files: 0
Tue Jun 07 11:53:51 2005 => Total Files Renamed: 0
Tue Jun 07 11:53:51 2005 => Total Deleted Objects: 0
Tue Jun 07 11:53:51 2005 => Total Errors: 86
Tue Jun 07 11:53:51 2005 => Time Elapsed: 00:48:05
Tue Jun 07 11:53:51 2005 => Virus Database Date: 2005/06/06
Tue Jun 07 11:53:51 2005 => Virus Database Count: 133635
Tue Jun 07 11:53:51 2005 => Scan Completed.
07.06.2005, 13:53 | #4
Hello katsche,

you did not follow the eScan instructions. eScan should be extracted into a newly created folder "C:\bases_x", so that the "tagged" and "infected" finds can then be posted here with the help of "Find.bat". Download RegSeeker and clean your registry. Delete the following files (in Safe Mode / deactivate System Restore):

C:\WINDOWS\24106.exe (if you do not go online via DSL, save the file to a disk as evidence in case of excessively high online charges)
C:\WINDOWS\SYSTEM32\MSFTCPIP.SYS

Run eScan once more and delete all finds. Empty the Recycle Bin. Restart --> System Restore can be reactivated. New log file.

dartus
__________________
No support via PM
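Post #4 describes the intended workflow: instead of posting the whole eScan log, extract the "tagged" and "infected" finds with Find.bat. As an added example that is neither the thread's nor eScan's own code, here is that reduction in Python, run over a constructed sample of lines taken from the log in post #3. It pulls out the infected files with their detection names, the adware hits, and the closing totals, and counts how many finds were left in place with "No Action Taken" because the scan ran in "Only Scan files" mode. Only the "infected" wording is taken from this log; the word match for "tagged" follows the post's description and is an assumption about how such lines read.

```python
import re
from typing import Dict, List

# Constructed sample: a trimmed selection of lines from the eScan (MWAV) log
# above, kept in its original "<timestamp> => <message>" layout.
SAMPLE_LOG = r"""
Tue Jun 07 11:05:16 2005 => MWAV Mode: Only Scan files.
Tue Jun 07 11:06:12 2005 => ERROR!!! Invalid Entry ugjfleydgsfoc = C:\WINDOWS\system32\eyzeoj.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Tue Jun 07 11:51:53 2005 => File C:\WINDOWS\SYSTEM32\MSFTCPIP.SYS infected by "Trojan-Spy.Win32.Goldun.aw" Virus! Action Taken: No Action Taken.
Tue Jun 07 11:51:56 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Tue Jun 07 11:51:56 2005 => Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Tue Jun 07 11:52:09 2005 => System found infected with Gator Spyware/Adware (HDPlugin1019.dll)! Action taken: No Action Taken.
Tue Jun 07 11:52:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll". Action Taken: No Action Taken.
Tue Jun 07 11:52:25 2005 => File C:\WINDOWS\24106.exe infected by "Trojan.Win32.Dialer.gt" Virus! Action Taken: No Action Taken.
Tue Jun 07 11:53:51 2005 => Total Virus(es) Found: 6
Tue Jun 07 11:53:51 2005 => Total Errors: 86
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => (?P<msg>.*)$")
INFECTED = re.compile(r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus!')
ADWARE = re.compile(r"^System found infected with (?P<name>.+?) \((?P<ref>[^)]*)\)!")
TOTAL = re.compile(r"^Total (?P<what>[^:]+): (?P<n>\d+)$")


def triage(log_text: str) -> Dict[str, object]:
    """Reduce an eScan log to the lines worth posting: infected files,
    tagged objects, adware hits and the closing totals."""
    report: Dict[str, object] = {"infected": [], "tagged": [], "adware": [],
                                 "totals": {}, "no_action": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner or continuation lines without the timestamp prefix
        msg = m["msg"]
        if hit := INFECTED.match(msg):
            report["infected"].append((hit["path"], hit["name"]))
        elif "tagged" in msg.lower():
            # Assumed wording, taken from the post's description of Find.bat.
            report["tagged"].append(msg)
        elif hit := ADWARE.match(msg):
            report["adware"].append((hit["name"], hit["ref"]))
        elif hit := TOTAL.match(msg):
            report["totals"][hit["what"]] = int(hit["n"])
        else:
            continue
        # Scan-only mode ("MWAV Mode: Only Scan files") leaves every find in place.
        if "no action taken" in msg.lower():
            report["no_action"] += 1
    return report


def summary_lines(report: Dict[str, object]) -> List[str]:
    """Render the report as the short list a helper would want posted."""
    lines = [f"infected: {path} -> {name}" for path, name in report["infected"]]
    lines += [f"tagged: {msg}" for msg in report["tagged"]]
    lines += [f"adware: {name} ({ref})" for name, ref in report["adware"]]
    lines += [f"total {what}: {n}" for what, n in report["totals"].items()]
    lines.append(f"finds left with 'No Action Taken': {report['no_action']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summary_lines(triage(SAMPLE_LOG))))
```

The "no_action" counter is the practical check: a scan-only run reports finds but removes nothing, which is why the reply asks for a second eScan run with deletion enabled after the two files have been removed by hand.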