|
Pests of all kinds and how to fight them: Smitfraud is gone but I still have more vermin |
15.11.2005, 17:06 | #1 |
| Smitfraud is gone but I still have more vermin

Hello everyone,

thanks to your help I managed to get rid of the Smitfraud plague yesterday, but I obviously still have quite a few other things on my computer that don't belong there. Since I don't know much about this myself, I'm asking for help. My HijackThis logfile and excerpts from the eScan log follow. Please tell me how I can get rid of these pests.

THANKS in advance,
Clod

Logfile of HijackThis v1.99.1
Scan saved at 23:28:25, on 14.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download All Files by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\PROGRA~1\HIDOWN~1\HDGet.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - h**p://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130968836765
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130968791015
O16 - DPF: {7A96FF35-4937-11D1-8F2C-00609779BDA3} -
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} -
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd (file missing)

Logfile eScan
Mon Nov 14 20:03:34 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
Mon Nov 14 20:03:39 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Mon Nov 14 20:03:39 2005 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Nov 14 20:03:40 2005 => Offending Folder found: C:\Documents and Settings\xxxx\Application Data\everad
Mon Nov 14 20:03:40 2005 => Object "everad Spyware/Adware" found in File System! Action Taken: No Action Taken.
Mon Nov 14 20:03:41 2005 => Offending file found: C:\Documents and Settings\xxxx\Gallery\Favorites\einkaufen\bücher und cds\amazon.com.url
Mon Nov 14 20:03:41 2005 => System found infected with ezula Spyware/Adware (amazon.com.url)! Action taken: No Action Taken.
Mon Nov 14 20:03:54 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Mon Nov 14 20:03:55 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.
Mon Nov 14 20:03:55 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Mon Nov 14 20:03:56 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\AXDIST.EXE". Action Taken: No Action Taken.
Mon Nov 14 20:03:56 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Mon Nov 14 20:04:19 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Mon Nov 14 20:04:20 2005 => ***** Scanning All Drives *****
Mon Nov 14 20:04:20 2005 => Scanning C:\ Drive
Mon Nov 14 20:16:05 2005 => File C:\Program Files\babylon32_ger_eng.exe tagged as "not-a-virus:AdWare.Win32.Cydoor.c". Action Taken: No Action Taken.
Mon Nov 14 21:45:07 2005 => File C:\WINDOWS\system32\diesau.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Mon Nov 14 21:52:06 2005 => ***** Scanning complete. *****
Mon Nov 14 21:52:06 2005 => Total Objects Scanned: 63401
Mon Nov 14 21:52:06 2005 => Total Virus(es) Found: 7
Mon Nov 14 21:52:06 2005 => Total Disinfected Files: 0
Mon Nov 14 21:52:06 2005 => Total Files Renamed: 0
Mon Nov 14 21:52:06 2005 => Total Deleted Objects: 0
Mon Nov 14 21:52:06 2005 => Total Errors: 751
Mon Nov 14 21:52:06 2005 => Time Elapsed: 01:49:52
Mon Nov 14 21:52:06 2005 => Virus Database Date: 2005/11/14
Mon Nov 14 21:52:06 2005 => Virus Database Count: 159812
Mon Nov 14 21:52:07 2005 => Scan Completed. |
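The two logs in the post above can be cross-referenced mechanically: the CLSID that eScan reports as netster is the same one HijackThis lists under O16. The following Python code is an added example, not part of the original thread or of either tool; the function names are made up for illustration and the sample lines are copied from the logs above.

```python
import re

# Lines copied from the two logs posted above ("h**p" defanging kept as posted).
HIJACKTHIS_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - h**p://207.188.7.150/22821b74e80a001f2e05/netzip/RdxIE601_de.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: Remote_Procedure_Call (svchost) - Unknown owner - %windir%\system32\svchost.cmd (file missing)
"""
ESCAN_LOG = r"""
Mon Nov 14 20:03:34 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
Mon Nov 14 20:03:41 2005 => System found infected with ezula Spyware/Adware (amazon.com.url)! Action taken: No Action Taken.
Mon Nov 14 20:04:05 2005 => Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\xxxx\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Mon Nov 14 21:45:07 2005 => File C:\WINDOWS\system32\diesau.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
ESCAN_OBJ_RE = re.compile(
    r"=> System found infected with (?P<name>.+?) Spyware/Adware \((?P<obj>[^)]+)\)!")
ESCAN_FILE_RE = re.compile(
    r'=> File (?P<obj>.+?) (?:infected by|tagged as) "(?P<name>[^"]+)"')


def parse_hijackthis(text):
    """Return one dict per HijackThis entry line (R1, O4, O16, O23, ...)."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        body = m.group("body")
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsids": {c.upper() for c in CLSID_RE.findall(body)},
            "file_missing": body.endswith("(file missing)"),
        })
    return entries


def parse_escan(text):
    """Return detections only; 'refers to invalid object' lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = ESCAN_OBJ_RE.search(line) or ESCAN_FILE_RE.search(line)
        if m:
            detections.append({"name": m.group("name"), "object": m.group("obj")})
    return detections


def correlate(entries, detections):
    """Map each detection name to the HijackThis entries naming the same object."""
    result = {}
    for det in detections:
        obj = det["object"].upper()
        if CLSID_RE.fullmatch(obj):
            hits = [e for e in entries if obj in e["clsids"]]  # exact CLSID match
        else:
            hits = [e for e in entries if obj in e["body"].upper()]  # path/file name
        result.setdefault(det["name"], []).extend(
            f'{e["section"]} - {e["body"]}' for e in hits)
    return result


def missing_targets(entries):
    """Entries whose target HijackThis itself marked as '(file missing)'."""
    return [f'{e["section"]} - {e["body"]}' for e in entries if e["file_missing"]]


if __name__ == "__main__":
    entries = parse_hijackthis(HIJACKTHIS_LOG)
    for name, hits in correlate(entries, parse_escan(ESCAN_LOG)).items():
        print(f"{name}: {hits or 'no matching HijackThis entry'}")
    for line in missing_targets(entries):
        print("orphaned:", line)
```

Detections that map to no HijackThis entry, such as the diesau.dll file hit, are the ones a HijackThis log alone would not surface.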
15.11.2005, 17:37 | #2 |
| Hello clod,

do you know this one?

O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\PROGRA~1\HIDOWN~1\hidownload.exe

Unfortunately I don't have any links at hand. Search (Google) for the following programs: Ewido Security Suite, Spybot Search & Destroy, AdAware, and update all of them. Before that, download RegSeeker and run "Clean the registry"; make sure that the restore option at the bottom left is switched on. Then go into safe mode and run all three programs, and delete whatever is suggested. Then reboot and post a new HijackThis log (delete the old log) and an eScan log.

Irrlicht |
16.11.2005, 09:30 | #3 |
| Hello Irrlicht,

thanks for the reply. HiDownload is a program that I downloaded myself, so it is not unknown to me. Which doesn't have to mean, though, that the program itself might be problematic. Maybe someone has experience with it?

Regards,
Clod |
16.11.2005, 12:13 | #4 |
| Hello clod,

programs that YOU don't trust have no business being on YOUR computer. If you don't need it or you distrust the program: fix it. How far along are you with the other suggestions?

Irrlicht |
17.11.2005, 09:37 | #5 |
| Hello Irrlicht,

I ran everything again yesterday. Spybot finds nothing, but Ewido found another 6 problems. I work with RegCleaner and cleaned up with that again as well. Is RegSeeker better?

Clod |
17.11.2005, 15:27 | #6 |
| Hello cloud,

trying beats studying. One tool still finds something that the other one missed. As long as you have the backup at the bottom left switched on, nothing can happen. I have also never heard of either of the two breaking anything.

Irrlicht |