|  | 
| 
 | |||||||
| Plagegeister aller Art und deren Bekämpfung: Hab auch den Buddy F. Kann sich einer meinen escan angucken?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. | 
|  29.05.2005, 00:02 | #1 | 
|  |   Hab auch den Buddy F. Kann sich einer meinen escan angucken? Hi Leute hab mal meinen escan reingehauen. Kann mir jemand den mal analysieren? Vielen Dank im Voraus Gruß Kingbulette Object "Zango Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Textconv\MSWRD832.CNV". Action Taken: No Action Taken. Entry "HKCR\CLSID\{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbuiwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{69E9B473-22E6-471D-8683-84BD1E4BECE1}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}" refers to invalid object "C:\Programme\Winamp\Plugins\cddbcontrolwinamp.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{F802F260-519B-11D1-BB5D-0060974C6013}" refers to invalid object "C:\Programme\ICQ\ICQShExt.dll". Action Taken: No Action Taken. Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\Photoshop.Application.4" refers to invalid object "{6DECC242-87EF-11cf-86B4-444553540000} ". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. File C:\WINDOWS\uymfqh.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\Temp\180sainstaller.exe tagged as "not-a-virus:AdWare.180Solutions.b". Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\Temp\DelBD.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\Temp\DelCF.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\Temp\nsf41.tmp tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\TEMPOR~1\Content.IE5\KRQ5KDQR\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. File C:\DOKUME~1\Bulette\LOKALE~1\TEMPOR~1\Content.IE5\SVWZU9U3\aurora[1].exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temp\180sainstaller.exe tagged as "not-a-virus:AdWare.180Solutions.b". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temp\DelBD.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temp\DelCF.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temp\nsf41.tmp tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KRQ5KDQR\Nail[1].exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\Bulette\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SVWZU9U3\aurora[1].exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. File C:\Programme\AVPersonal\INFECTED\hbnqjrw.VIR infected by "Trojan.Win32.Agent.cp" Virus! Action Taken: No Action Taken. File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. File C:\WINDOWS\uymfqh.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. File D:\EsseXScriptpack2.2.exe tagged as not-a-virus:Tool.WinCap.Reboot. No Action Taken. File D:\Tools\blubstersetup250.exe tagged as "not-a-virus:AdWare.HelpExpress". Action Taken: No Action Taken. File D:\Tools\setup_cptool_1.6.2.4.exe tagged as not-a-virus:Tool.WinCap.Reboot. No Action Taken. | 
| Themen zu Hab auch den Buddy F. Kann sich einer meinen escan angucken? | 
| 1.tmp, c:\windows, ccc, content.ie5, dateien, einstellungen, escan, file, files, found, gen, icq, infected, leute, lokale, microsoft, not-a-virus, plugins, programme, software, system, system32, temp, tools, version, windows, zango |