Trojaner-Board


Diddi1000 11.09.2005 12:00

Help with escan
 
Hello,
I need help with an escan log. Spybot and Adaware found nothing, but the computer often shuts down without warning.
Here is the escan log; I only have freeware and can't fix anything with it:

System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken
System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\msxml3a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\INT13EXT.VXD". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\NikonView.exe" refers to invalid object "C:\Programme\Nikon\NkView6\NikonView.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Ontrack\EasyRecovery Professional Trial\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asd". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bckp". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".image". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.

Sun Sep 11 12:42:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "INSTAFINK". Action Taken: No Action Taken.

Sun Sep 11 12:42:05 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.

Sun Sep 11 12:42:06 2005 => Entry "HKCR\CLSID\{B15886CD-E8F8-11D5-B898-000374890932}" refers to invalid object "C:\Postme\PLUGINS\pgpgnupg.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:08 2005 => Entry "HKCR\TypeLib\{074D261D-AC90-4405-8CF4-E0D25EC8165B}" refers to invalid object "C:\DOKUME~1\Seel\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Sun Sep 11 12:42:08 2005 => Entry "HKCR\TypeLib\{50FEAEFE-148A-47D9-A406-8AC51B70D586}" refers to invalid object "C:\DOKUME~1\Seel\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\TypeLib\{B15886C0-E8F8-11D5-B898-000374890932}" refers to invalid object "C:\Postme\PLUGINS\pgpgnupg.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken.

Sun Sep 11 12:42:09 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sun Sep 11 12:42:10 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:11 2005 => Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""C:\Programme\eMule\eMule.exe" "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroCopyType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroCueSheetType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:12 2005 => Entry "HKCR\NeroErrorType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\NeroHDBackupType\shell\open\command" refers to invalid object "C:\PROGRA~1\Ahead\Nero\nero.exe "%1"". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Sep 11 12:42:13 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sun Sep 11 12:42:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sun Sep 11 12:42:14 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Sun Sep 11 12:45:16 2005 => Datei C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infiziert von "Exploit.Java.ByteVerify" Virus. Aktion vorgenommen: No Action Taken.

Karaya 11.09.2005 12:14

Hello,

have you read the instructions?
Correct, you can't remove anything with eScan-Free, but it does show you where the damage is. ;)

karaya

Diddi1000 12.09.2005 06:53

Here is the new escan again. Who can help me with the removal?:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 18:23:00 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 18:23:24 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 18:23:56 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 18:24:00 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 18:25:30 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:20:22 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:20:45 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:18 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 19:21:22 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:22:49 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:27:18 2005 => Scanning Folder: C:\Programme\ESET\infected\*.*
Sun Sep 11 19:37:21 2005 => System found infected with altnetbde Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:38:06 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:10 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sun Sep 11 19:39:18 2005 => System found infected with WhenU.SaveNow Spyware/Adware (setup_wm.exe)! Action taken: No Action Taken.
Sun Sep 11 19:41:43 2005 => File C:\Dokumente und Einstellungen\Seel\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-92a91d4-2c7837ac.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Sun Sep 11 19:49:32 2005 => Scanning Folder: C:\Programme\ESET\infected\*.*
Sun Sep 11 21:48:33 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
Sun Sep 11 21:14:01 2005 => File C:\WINDOWS\Temp\Altnet\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
Sun Sep 11 21:14:02 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
Sun Sep 11 21:14:02 2005 => File C:\WINDOWS\Temp\Altnet\dmfiles.cab tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
Sun Sep 11 21:14:03 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.o". Action Taken: No Action Taken.
Sun Sep 11 21:14:04 2005 => File C:\WINDOWS\Temp\Altnet\pmexe.cab tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
Sun Sep 11 21:14:04 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Sun Sep 11 18:23:10 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 18:23:24 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:24 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:23:56 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 18:24:00 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:20:32 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 19:20:45 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:20:45 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:21:22 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:37:41 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sun Sep 11 19:38:06 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:38:06 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:10 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 19:39:18 2005 => Offending file found: C:\WINDOWS\TEMP
Sun Sep 11 21:48:33 2005 => Total Virus(es) Found: 22
Sun Sep 11 21:48:34 2005 => Total Errors: 57
Sun Sep 11 21:48:34 2005 => Time Elapsed: 02:07:42
Sun Sep 11 21:48:33 2005 => Total Objects Scanned: 46093
Sun Sep 11 18:21:46 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 19:19:13 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 19:35:56 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 21:48:34 2005 => Virus Database Date: 2005/09/11
Sun Sep 11 21:48:44 2005 => Virus Database Date: 2005/09/11

