Trojaner-Board


kitkatde 07.01.2006 20:08

ESCAN LOGFILE, please help

Hello again everyone,

I got no reply to my first thread, so I have now run a scan with ESCAN.

Here is the log file:

Sat Jan 07 19:40:38 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:40 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:44 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 19:40:44 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jan 07 19:40:57 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 19:40:57 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.


Sat Jan 07 19:41:00 2006 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Jan 07 19:41:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "d:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\AOL 8.0\Aol.hlp". Action Taken: No Action Taken.

Sat Jan 07 19:41:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\AOL 8.0\Aol.cnt". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Creator3.exe" refers to invalid object "C:\Programme\LEGO Media\LEGO Creator Harry Potter\Creator3.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Easy-WebPrint" refers to invalid object "C:\Programme\Canon\Easy-WebPrint\Easy-WebPrint". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\EpSCTWeb.exe" refers to invalid object "C:\Programme\EPSON\ScanToWeb\EpSCTWeb.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\EPSON PhotoQuicker3.5.exe" refers to invalid object "C:\Programme\EPSON\EPSON PhotoQuicker3.5\EPSON PhotoQuicker3.5.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Roxioscan.exe" refers to invalid object "C:\Programme\Gemeinsame Dateien\Roxio Shared\Support\Roxioscan.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\REALTEK Semiconductor Corp.\Realtek RTL8139/810x Fast Ethernet NIC Driver Setup\setup.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BTW". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cst". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cxt". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".index". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".LDF". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plf". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prx". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SPW". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".usa". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".VCD". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online de". Action Taken: No Action Taken.

Sat Jan 07 19:41:16 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "xp-AntiSpy". Action Taken: No Action Taken.

Sat Jan 07 19:41:17 2006 => Entry "HKCR\CLSID\{2B26AEBA-25CB-419C-87FB-8880A77964F4}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:19 2006 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:19 2006 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:20 2006 => Entry "HKCR\CLSID\{B1EDCE8E-86A4-473a-8A36-54B322C3F618}" refers to invalid object "d:\Programme\Ulead Systems\Ulead PhotoImpact 8\wpe.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{0CEBAFA2-A5F8-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{1257CD33-90D0-11D1-A197-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{143C9CF1-E3E7-11D1-A1D2-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{19362773-E965-11D1-A1F0-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{3937476C-846F-459C-BD47-75EC6B0834E4}" refers to invalid object "C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{3E895E71-0C27-11D2-A212-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{67800A63-C222-11D1-A1B3-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:21 2006 => Entry "HKCR\TypeLib\{86FC1FC2-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\mDxEmul.mom". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{9F3595E2-B5CC-11D1-B76F-58BB04C10000}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{9FD46A24-F9E8-11D1-A204-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{C8E100B3-6D59-11D1-A181-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\TypeLib\{FD6E3405-67CB-11D1-A17E-080009AB3411}" refers to invalid object "C:\DOKUME~1\test\LOKALE~1\Temp\ZipNrun.tmp\md8rntm.exe". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.col" refers to invalid object "COLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.det" refers to invalid object "DETFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.elm" refers to invalid object "ELMFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffa" refers to invalid object "FFAFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffl" refers to invalid object "FFLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.fft" refers to invalid object "FFTFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ffx" refers to invalid object "FFXFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.frg" refers to invalid object "Access.Fragment". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.gst" refers to invalid object "MSMap.Datainst.8". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.idc" refers to invalid object "idcfile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.ldb" refers to invalid object "Access.LockFile.9". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.lex" refers to invalid object "LEXFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.opc" refers to invalid object "OPCFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.pip" refers to invalid object "PIPFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.stf" refers to invalid object "STFFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.tuw" refers to invalid object "TUWFile". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\.wll" refers to invalid object "Word.Addin.8". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.

Sat Jan 07 19:41:22 2006 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Jan 07 19:41:23 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sat Jan 07 19:41:24 2006 => Entry "HKCR\Ulead.VOE.1" refers to invalid object "{6C91BBFD-0781-4936-A3DC-10D60BA3294D}". Action Taken: No Action Taken.

I would appreciate your help, and thank you in advance for your answers and tips.

Regards,

kitkatde

felix1 07.01.2006 20:17

Download and update Ad-aware and Spybot S&D, and run both programs.
Immunize with Spybot.
http://www.comsafe.de/download.html
Install Clearprog, start it, tick "delete everything" and then press Delete.
http://www.clearprog.de/

Download RegSeeker.

Tick "back up before deleting" and remove only the green findings!
Go to Control Panel -> Software and remove any programs you do not recognize.
In the directory c:\bases_x, delete the file mwav.log. Then run a new escan and post the log created with find.bat again.

kitkatde 07.01.2006 22:24

Hi,

thanks for your quick reply.

I did everything as described; here is the new log file from ESCAN:

Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:08 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:12 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 22:19:12 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Jan 07 22:19:13 2006 => Offending Folder found: C:\Dokumente und Einstellungen\test\Eigene Dateien\harry potter ii\save
Sat Jan 07 22:19:13 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.


In addition, the program reports 81 errors.

Thank you in advance for your help.

Regards,

kitkatde

felix1 07.01.2006 22:43

Download the 14-day version of Ewido and update it:
http://www.ewido.net/de/download/
Let Ewido scan and clean the system.
Post the result of the ewido scan.
And then once more:
In the directory c:\bases_x, delete the file mwav.log. Then run a new escan and post the log created with find.bat again.
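
One way to triage the two eScan logs posted in this thread, as an added example (not code from the thread or from eScan): it collapses repeated detections, counts orphaned registry references per hive, and lists the detections that appear in both scans. The function names are assumptions of this example, and the embedded excerpts are shortened from the logs above.

```python
import re
from collections import Counter

# Line shapes as they appear in the eScan logs posted in this thread.
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} \d{2} [\d:]{8} \d{4}) => (?P<msg>.*)$")
INFECTED = re.compile(r"System found infected with (?P<name>.+?)(?: Spyware/Adware)? \((?P<id>\{[0-9a-fA-F-]+\})\)!")
FS_OBJECT = re.compile(r'Object "(?P<name>[^"]+?)(?: Spyware/Adware)?" found in File System!')
ORPHAN = re.compile(r'Entry "(?P<key>[^"]+)" refers to invalid object "(?P<target>.*)"\. Action Taken:')

def triage(log_text):
    """Return (detections, orphans): detection counts and orphaned-registry counts per hive."""
    detections, orphans = Counter(), Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and wrapped fragments
        msg = m.group("msg")
        if (hit := INFECTED.search(msg)):
            detections[(hit.group("name"), hit.group("id").lower())] += 1
        elif (hit := FS_OBJECT.search(msg)):
            detections[(hit.group("name"), "file system")] += 1
        elif (hit := ORPHAN.search(msg)):
            orphans[hit.group("key").split("\\", 1)[0]] += 1  # hive: HKLM, HKCU, HKCR
    return detections, orphans

def persisting(before, after):
    """Detections present in both scans, i.e. not removed by the cleanup in between."""
    return sorted(set(before) & set(after))

# Excerpts shortened from the first and second scan posted above.
SCAN_1 = r"""
Sat Jan 07 19:40:38 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 19:40:39 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 19:40:44 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Jan 07 19:41:16 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.
Sat Jan 07 19:41:22 2006 => Entry "HKCR\.acl" refers to invalid object "ACLFile". Action Taken: No Action Taken.
Sat Jan 07 19:41:22 2006 => Entry "HKCR\.aw" refers to invalid object "AWFile". Action Taken: No Action Taken.
"""
SCAN_2 = r"""
Sat Jan 07 22:19:07 2006 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
Sat Jan 07 22:19:07 2006 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Sat Jan 07 22:19:12 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
"""

if __name__ == "__main__":
    d1, o1 = triage(SCAN_1)
    d2, _ = triage(SCAN_2)
    print("distinct detections, scan 1:", dict(d1))
    print("orphaned registry references per hive:", dict(o1))
    print("still present after cleanup:", persisting(d1, d2))
```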

