Trojaner-Board


kitkatde 07.01.2006 20:08

ESCAN LOGFILE, please help

Hello again everyone,

I got no answer to my first thread, so I have now run a scan with ESCAN.

Here is the log file:

Sat Jan 07 19:40:38 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:40 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 19:40:44 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jan 07 19:40:57 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 19:40:57 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.


Sat Jan 07 19:41:00 2006 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Jan 07 19:41:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\AOL 8.0\Aol.hlp". Action Taken: No Action Taken.

Sat Jan 07 19:41:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\AOL 8.0\Aol.cnt". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Creator3.exe" refers to invalid object "C:\Programme\LEGO Media\LEGO Creator Harry Potter\Creator3.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Easy-WebPrint" refers to invalid object "C:\Programme\Canon\Easy-WebPrint\Easy-WebPrint". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\EpSCTWeb.exe" refers to invalid object "C:\Programme\EPSON\ScanToWeb\EpSCTWeb.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\EPSON PhotoQuicker3.5.exe" refers to invalid object "C:\Programme\EPSON\EPSON PhotoQuicker3.5\EPSON PhotoQuicker3.5.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Roxioscan.exe" refers to invalid object "C:\Programme\Gemeinsame Dateien\Roxio Shared\Support\Roxioscan.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\REALTEK Semiconductor Corp.\Realtek RTL8139/810x Fast Ethernet NIC Driver Setup\setup.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BTW". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cst". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cxt". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".index". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LDF". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plf". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prx". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SPW". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".usa". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online de". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "xp-AntiSpy". Action Taken: No Action Taken.

Sat Jan 07 19:41:17 2006 => Entry "HKCR\CLSID\{2B26AEBA-25CB-419C-87FB-8880A77964F4}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:19 2006 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:19 2006 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:20 2006 => Entry "HKCR\CLSID\{B1EDCE8E-86A4-473a-8A36-54B322C3F618}" refers to invalid object "d:\Programme\Ulead Systems\Ulead PhotoImpact 8\wpe.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{3937476C-846F-459C-BD47-75EC6B0834E4}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.idc" refers to invalid object "idcfile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Jan 07 19:41:24 2006 => Entry "HKCR\Ulead.VOE.1" refers to invalid object "{6C91BBFD-0781-4936-A3DC-10D60BA3294D}". Action Taken: No Action Taken.

I'm asking for your help and thank you in advance for your answers and tips.

Regards

kitkatde

felix1 07.01.2006 20:17

Download and update Ad-aware and Spybot S&D, and run both programs.
Immunize with Spybot
http://www.comsafe.de/download.html
Install Clearprog, start it, tick "delete everything" and then press "Delete".
http://www.clearprog.de/

Download RegSeeker

Tick "Backup before deletion" and remove only the green findings!
Go to Control Panel -> Software and remove any programs you do not recognize.
In the directory c:\bases_x, delete the file mwav.log. Then run a new escan and again post the log created with find.bat.

kitkatde 07.01.2006 22:24

Hi,

thanks for your quick reply.

I did everything as described; here is the new log file from ESCAN:

Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:08 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:12 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 22:19:12 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jan 07 22:19:13 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 22:19:13 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.


In addition, the program reports 81 errors.

Thanks in advance for your help.

Regards

kitkatde

felix1 07.01.2006 22:43

Download the 14-day version of Ewido and update it:
http://www.ewido.net/de/download/
Let Ewido scan and clean the system.
Post the result of the Ewido scan.
And then once more:
In the directory c:\bases_x, delete the file mwav.log. Then run a new escan and again post the log created with find.bat.
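
As an added example (not part of the original thread and not eScan's own tooling): a small Python parser for the log line shapes posted above. It collapses repeated detections, separates them from the dangling registry references, and compares the scan before the cleanup with the one after it. The function names and the shortened log excerpts are assumptions made for this example.

```python
import re
from collections import Counter

# Line shapes as they appear in the eScan logs posted in this thread.
LINE = re.compile(r'^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} => (?P<msg>.*)$')
INFECTED = re.compile(r'^System found infected with (?P<name>.+?) \((?P<guid>\{[0-9A-Fa-f-]+\})\)!')
FOLDER = re.compile(r'^Offending Folder found: (?P<path>.+)$')
FS_OBJECT = re.compile(r'^Object "(?P<name>.+?)" found in File System!')
REG = re.compile(r'^Entry "(?P<key>.+?)" refers to invalid object "(?P<obj>.*)"\. Action Taken:')

def parse(log_text):
    """Return (Counter of detections keyed by (name, location), list of (key, object))."""
    detections, registry, folder = Counter(), [], None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # blank lines and wrapped fragments
        msg = line.group('msg')
        if m := FOLDER.match(msg):
            folder = m.group('path')      # location of the next file-system object
        elif m := INFECTED.match(msg):
            detections[(m.group('name'), m.group('guid').lower())] += 1
        elif m := FS_OBJECT.match(msg):
            detections[(m.group('name'), folder or '(unknown)')] += 1
            folder = None
        elif m := REG.match(msg):         # greedy obj keeps embedded quotes such as "%1"
            registry.append((m.group('key'), m.group('obj')))
    return detections, registry

def compare(before, after):
    """Diff two scans: which detections survived the cleanup between them."""
    b, a = set(parse(before)[0]), set(parse(after)[0])
    return {'persisting': sorted(b & a), 'cleared': sorted(b - a), 'new': sorted(a - b)}

# Shortened excerpts of the two logs posted in the thread (not the full logs).
FIRST_SCAN = r'''
Sat Jan 07 19:40:38 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 19:40:44 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jan 07 19:41:22 2006 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
'''
SECOND_SCAN = r'''
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:12 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 22:19:12 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
'''

if __name__ == '__main__':
    found, reg = parse(FIRST_SCAN)
    print(dict(found), len(reg), 'dangling registry references')
    print(compare(FIRST_SCAN, SECOND_SCAN))
```

On these excerpts the three distinct detections appear in both scans, so the comparison lists all of them as persisting and none as cleared.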


All times are GMT +1.
