Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   e.scan (https://www.trojaner-board.de/21939-e-scan.html)

Kalle55 18.09.2005 13:21
e.scan
 
Hallo,

ich habe nach der neuinstallation von windows jetzt mal wieder e-scan durchlaufen lassen.

e-scan meldet keine Virenfunde sondern nur Fehler?
Was heißt das ?

anbei habe ich die Log kopiert >

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Intel\ProSafe\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CCD". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".H0". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8482EAF-A1F3-4934-AE3F-56EB195A50BF}" refers to invalid object "H:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DDE0825B-6ADA-4AB8-A128-CEB218AF447C}" refers to invalid object "H:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5AABBE72-E7C3-40F7-9C01-C11BA4501B54}" refers to invalid object "H:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\bwpfile\shell\open\command" refers to invalid object "C:\Programme\F-Secure Anti-Virus\backweb\4476822\6.3.2.62-4476822L\Program\PrvCnt.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\system32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Rene-gad 18.09.2005 14:01
@Kalle55
Zitat:
ich habe nach der neuinstallation von windows jetzt mal wieder e-scan durchlaufen lassen.
Hast du bei diesem Wetter nichts Besseres zu tun? ;).
Zitat:
Was heißt das ?
refers to invalid object= bezieht sich auf ein ungültiges Objekt. Ergo: du darfst diese Registry-Schlüsseln entfernen, was aber ich nicht manuell tun würde, sondern mit RegSeeker oder einem anderer Registry-Tool, womit man auch die Backups erstellen kann.
Generell aber gilt: Don't touch the running system. ;).

soulside 22.09.2005 06:39
servus an alle, habe meinen pc mal durchsuchen lassen schon erstaunlich was sich da so verbirgt?! kann mir da jemand helfen wie ich die einzelnen los werde? sorry bin neu in diesem gebiet!!!
ich möchte erwähnen das ich mein hintergrundbild auch nicht mehr ändern kann da stoht Danger SPYWARE und will das ich was kaufe die scheisse geht nicht weg.


bedanke mich im vorraus





Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 23:26:14 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Wed Sep 21 23:26:14 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Wed Sep 21 23:26:14 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Wed Sep 21 23:26:14 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Wed Sep 21 23:26:16 2005 => System found infected with WhenU.SaveNow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Wed Sep 21 23:26:25 2005 => System found infected with cws.smartsearch Spyware/Adware (C:\WINDOWS\system32\uninstall.exe)! Action taken: No Action Taken.
Wed Sep 21 23:26:37 2005 => System found infected with ABetterInternet Spyware/Adware (alchem.ini)! Action taken: No Action Taken.
Wed Sep 21 23:29:10 2005 => File C:\Dokumente und Einstellungen\oez..\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1eb3df3b-6af65419.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Wed Sep 21 23:29:14 2005 => File C:\Dokumente und Einstellungen\oez..\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv478.jar-3bcc02aa-19a028c7.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:11:30 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7YOVFL0X\1[1].htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:26:27 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KFVFI4XT\porn_stuff[1].ani infected by "Trojan-Downloader.Win32.Ani.b" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:28:52 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LBNZDP0E\targ[1].chm infected by "Trojan-Downloader.Win32.Small.agq" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:28:52 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LBNZDP0E\targ[2].chm infected by "Trojan-Downloader.Win32.Small.agq" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:28:57 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LBNZDP0E\win32[1].exe infected by "Trojan-Downloader.Win32.Small.agq" Virus! Action Taken: No Action Taken.
Thu Sep 22 00:35:45 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RFTFFL4W\sploit[1].anr infected by "Trojan-Downloader.Win32.Ani.c" Virus! Action Taken: No Action Taken.
Thu Sep 22 01:37:52 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Thu Sep 22 01:43:43 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 23:53:45 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI122.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Wed Sep 21 23:53:48 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI2383.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Wed Sep 21 23:53:48 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI26D8.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Wed Sep 21 23:53:48 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI3154.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Wed Sep 21 23:53:48 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI32FC.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Wed Sep 21 23:53:48 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THI401D.tmp\twaintec.cab tagged as "not-a-virus:AdWare.BiSpy.o". Action Taken: No Action Taken.
Wed Sep 21 23:53:49 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temp\THID02.tmp\mxTarget.cab tagged as "not-a-virus:AdWare.BiSpy.p". Action Taken: No Action Taken.
Thu Sep 22 00:25:22 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KFVFI4XT\Blackremix-IRC[1].exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Thu Sep 22 00:35:28 2005 => File C:\Dokumente und Einstellungen\oez..\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RFTFFL4W\porn_stuff[1].com tagged as "not-a-virus:AdWare.ToolBar.BHO.o". Action Taken: No Action Taken.
Thu Sep 22 01:20:08 2005 => File C:\Programme\Weblookup Plugin\weblookup.dll tagged as "not-a-virus:AdWare.ToolBar.BHO.o". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Wed Sep 21 23:26:17 2005 => Offending Folder found: C:\PROGRA~1\bearshare
Wed Sep 21 23:26:17 2005 => Offending Folder found: C:\PROGRA~1\bearsh~1
Wed Sep 21 23:26:18 2005 => Offending Folder found: C:\PROGRA~1\freshdevices
Wed Sep 21 23:26:25 2005 => Offending file found: C:\WINDOWS\system32\uninstall.exe
Wed Sep 21 23:26:37 2005 => Offending file found: C:\WINDOWS\alchem.ini
Thu Sep 22 01:43:43 2005 => Total Virus(es) Found: 32
Thu Sep 22 01:43:43 2005 => Total Errors: 104
Thu Sep 22 01:43:43 2005 => Time Elapsed: 02:24:42
Thu Sep 22 01:43:43 2005 => Total Objects Scanned: 138921
Wed Sep 21 23:17:28 2005 => Virus Database Date: 2005/09/09
Thu Sep 22 01:43:43 2005 => Virus Database Date: 2005/09/09
Thu Sep 22 07:02:39 2005 => Virus Database Date: 2005/09/09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:19 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28