Trojaner-Board


Diddi1000 11.09.2005 12:00

Help with eScan

Hello,
I need help with an eScan log. Spybot and Ad-Aware found nothing, but the computer frequently shuts off without warning.
Here is the eScan log; I only have freeware and can't fix anything with it:

System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken
System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\INT13EXT.VXD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NikonView.exe" refers to invalid object "C:\Programme\Nikon\NkView6\NikonView.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Ontrack\EasyRecovery Professional Trial\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asd". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bckp". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".image". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "INSTAFINK". Action Taken: No Action Taken.

Sun Sep 11 12:42:05 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.

Sun Sep 11 12:42:06 2005 => Entry "HKCR\CLSID\{B15886CD-E8F8-11D5-B898-000374890932}" refers to invalid object "C:\Postme\PLUGINS\pgpgnupg.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:08 2005 => Entry "HKCR\TypeLib\{074D261D-AC90-4405-8CF4-E0D25EC8165B}" refers to invalid object "C:\DOKUME~1\Seel\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Sun Sep 11 12:42:08 2005 => Entry "HKCR\TypeLib\{50FEAEFE-148A-47D9-A406-8AC51B70D586}" refers to invalid object "C:\DOKUME~1\Seel\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\TypeLib\{B15886C0-E8F8-11D5-B898-000374890932}" refers to invalid object "C:\Postme\PLUGINS\pgpgnupg.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:11 2005 => Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""C:\Programme\eMule\eMule.exe" "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Sep 11 12:42:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sun Sep 11 12:42:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Sun Sep 11 12:45:16 2005 => Datei C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infiziert von "Exploit.Java.ByteVerify" Virus. Aktion vorgenommen: No Action Taken.

Karaya 11.09.2005 12:14

Hello,

have you read the instructions?
Correct, you can't remove anything with eScan Free, but it does show you where the damage is. ;)

karaya

Diddi1000 12.09.2005 06:53

Here is the new eScan log again. Who can help me with the removal?:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 18:23:00 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 18:24:00 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 18:25:30 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:20:22 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:22 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:22:49 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:27:18 2005 => Scanning Folder: C:\Programme\ESET\infected\*.*
Sun Sep 11 19:37:21 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:18 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:41:43 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:49:32 2005 => Scanning Folder: C:\Programme\ESET\infected\*.*
Sun Sep 11 21:48:33 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
Sun Sep 11 21:14:02 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:02 2005 => File C:\WINDOWS\Temp\Altnet\dmfiles.cab tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
Sun Sep 11 21:14:03 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.o". Action Taken: No Action Taken.
Sun Sep 11 21:14:04 2005 => File C:\WINDOWS\Temp\Altnet\pmexe.cab tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
Sun Sep 11 21:14:04 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 18:23:10 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 18:23:24 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:24 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:24:00 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:20:32 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 19:20:45 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:20:45 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:22 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:37:41 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 19:38:06 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:38:06 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 21:48:33 2005 => Total Virus(es) Found: 22
Sun Sep 11 21:48:34 2005 => Total Errors: 57
Sun Sep 11 21:48:34 2005 => Time Elapsed: 02:07:42
Sun Sep 11 21:48:33 2005 => Total Objects Scanned: 46093
Sun Sep 11 18:21:46 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 19:19:13 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 19:35:56 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 21:48:34 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 21:48:44 2005 => Virus Database Date: 2005/09/11

