Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Escan meldet AltNet Spyware

Escan meldet AltNet Spyware


Plagegeister aller Art und deren Bekämpfung: Escan meldet AltNet Spyware

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2005, 09:46   #1
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Hallo Leude,

habe mal wieder mein System gecheckt.

Weder Adaware,Spybot,A2 noch AntiVir brachten dabei eine Meldung.

Nur der Escan hat folgenden Fund gemeldet:



Mon May 23 17:09:32 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon May 23 17:09:39 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Mon May 23 18:01:53 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.



Dabei handelt es sich offenbar um einen eintrag in der Registry, den ich aber nicht finden kann.
__________________
<img>Es ist selten zu früh und niemals zu spät<img>

Alt 26.05.2005, 09:48   #2
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Desweiteren werden jede menge DLLs die zu Invalid Objekts gehören gemeldet.Was hats den damit auf sich?



Mon May 23 18:02:08 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action
__________________

__________________
Alt 26.05.2005, 09:50   #3
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Tha.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_chs.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_cht.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_kor.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.

Mon May 23 18:02:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\logo.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\scribble.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\dot.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\mnature.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\hoverbot.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\will.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\powerpup.act". Action Taken: No Action Taken.

Mon May 23 18:02:11 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "I:\Office\Assistnt\genius.act". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\Photoshop Album\Kataloge\My Catalog.psa". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000000-0001-0001-0000-000000000000}" refers to invalid object "c:\programme\steganos security suite 6\shredderse.dll". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}" refers to invalid object "C:\MUHURTA\DAO350.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{000208FE-0000-0000-C000-000000000046}" refers to invalid object "xlrec.dll". Action Taken: No Action Taken.

Mon May 23 18:02:12 2005 => Entry "HKCR\CLSID\{000208FF-0000-0000-C000-000000000046}" refers to invalid object "xlrec.dll". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" refers to invalid object "C:\MUHURTA\MFC42.DLL". Action Taken: No Action Taken.

Mon May 23 18:02:14 2005 => Entry "HKCR\CLSID\{0DED49D5-A8B7-4d5d-97A1-12B0C195874D}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{8E27C92B-1264-101C-8A2F-040224009C02}" refers to invalid object "C:\MUHURTA\MSCAL.OCX". Action Taken: No Action Taken.

Mon May 23 18:02:26 2005 => Entry "HKCR\CLSID\{8E27C92F-1264-101C-8A2F-040224009C02}" refers to invalid object "C:\MUHURTA\MSCAL.OCX". Action Taken: No Action Taken.

Mon May 23 18:02:27 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.

Mon May 23 18:02:28 2005 => Entry "HKCR\CLSID\{A8561647-E93C-11d3-AC3B-CE6078F7B616}" refers to invalid object "C:\WINDOWS\system32\VSPRINT7.ocx". Action Taken: No Action Taken.

Mon May 23 18:02:29 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:36 2005 => Entry "HKCR\CLSID\{FD0A5AF3-B41D-11d2-9C95-00C04F7971E0}" refers to invalid object "BdaPlgin.ax". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Map.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:40 2005 => Entry "HKCR\Automatische Zuordnung.Template.EU.9" refers to invalid object "{A49EEA01-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.

Mon May 23 18:02:54 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Mon May 23 18:02:54 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Mon May 23 18:02:55 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Mon May 23 18:02:55 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Mon May 23 18:02:59 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
__________________
__________________
Alt 26.05.2005, 09:53   #4
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Zu guter letzt nun noch mein Hijack Log:



Logfile of HijackThis v1.99.1
Scan saved at 09:38:04, on 26.05.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Telekom\Eumex 404PC\Capictrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\Clyde\LOKALE~1\Temp\Temporäres Verzeichnis 4 für hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=16534
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - !file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - !file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - !file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\DOKUME~1\Clyde\LOKALE~1\Temp\outpost.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe



Für Eure Bemühungen im vor raus schon mal vielen Dank.



M.f.G raven



Sorry wegen der vielen posts aber bei dem Versuch alles auf einmal hochzuladen bekam ich immer eine Fehlermeldung.
__________________
<img>Es ist selten zu früh und niemals zu spät<img>

Alt 26.05.2005, 13:16   #5
rich20
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Hatte vor kurzem auch dieses Problem. Obwohl ich in letzter Zeit nichts installiert habe, außer ein Update von Microsoft, hat die neue Version von E-Scan auf einmal diese Meldung ausgegeben. (früher, die alte Version nicht)

Folgender Schlüssel hat diese Meldung ausgelöst:

"HKLM\Software\microsoft\downloadmanager" ab (Standart) REG_SZ (Wert nicht gesetzt)

Nachdem ich diesen gelöscht habe, ist Ruhe.

Außerdem habe ich auch noch diese Einträge gefunden und diese ebenso gelöscht.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="altnet"

[HKEY_USERS\S-1-5-21-57989841-813497703-839522115-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="altnet"

[HKEY_USERS\S-1-5-21-57989841-813497703-839522115-500\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"005"="altnet"

Nachdem es mir keine Ruhe gelassen hat, habe ich gesucht und dies gefunden:

a² HiJackFree Prozess Details:
Dateiname: avgctrl.exe
Standard Pfad: %programpath%\
[Hinweis: %programpath% ist üblicherweise c:\programme auf deutschen Systemen]
Clsid: C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1
Betriebssysteme: Win 98/ME, Win NT4, Win 2000, Win XP, Win 2003

Software Name: Antivir Guard/XP Control Program
Firmenname: H+BEDV DatentechnikGmbH
Firmen Website: h**p://www.antivir.de
Ist Teil der Produkte: Antivir personal (virus scanner)
Läuft als Dienst: Nein
Ist sichtbarer Task: Ja

Status: 0 - Keine Malware
Beschreibung: Antivir Guard/XP Control Program

Was die Auswertung von HijackThis betrifft, diese überlasse ich den Profis von hier, die das besser können.

__________________
Gruß: rich

Alt 26.05.2005, 13:50   #6
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Danke Rich !
Also mal wieder Microschrott.
Dann werde ich doch mal diesen Schlüssel löschen.

gruß raven
__________________
--> Escan meldet AltNet Spyware

Alt 27.05.2005, 13:35   #7
raven33V8
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


OK schlüssel gelöscht und erstes Problem erledigt,danke rich.
Aber was hat es mit diesen ganzen errors (siehe oben) auf sich?

gruß raven
__________________
<img>Es ist selten zu früh und niemals zu spät<img>

Alt 27.05.2005, 14:10   #8
rich20
 
Escan meldet AltNet Spyware - Standard

Escan meldet AltNet Spyware


Was es mit den vielen Meldungen auf sich hat, kann ich nicht sagen, bei mir war es zwar nur ein invalider Schlüssel, den E-Scan gemeldet hat. Interesannterweise kommt nun keine Fehlermeldung mehr, seit ich diesen ominösen Schlüssel gelöscht habe.
Scanne einfach nochmal nur die Regdateien.
__________________
Gruß: rich

Antwort

Themen zu Escan meldet AltNet Spyware
action, adaware, altnet, antivir, black, downloadmanager, eintrag, escan, file, folge, folgende, found, fund, handel, melde, meldet, microsoft, object, offending, registry, scanning, software, spybot, spyware, system, taken, value


« win32/HookDLL.3072!DLL!Trojan | TR/Agent.BI »


Ähnliche Themen: Escan meldet AltNet Spyware


  1. Altnet Trojaner: eScan Ergebnisse
    Mülltonne - 28.12.2008 (0)
  2. eScan meldet 8 Infektionen, wie kriege ich die weg?
    Plagegeister aller Art und deren Bekämpfung - 13.10.2007 (0)
  3. eScan meldet Spyware/Adware
    Plagegeister aller Art und deren Bekämpfung - 02.07.2007 (5)
  4. eScan meldet Adware/Spyware...
    Plagegeister aller Art und deren Bekämpfung - 22.04.2007 (7)
  5. Deftig Spyware gefunden (escan) Was nun?
    Plagegeister aller Art und deren Bekämpfung - 01.04.2006 (2)
  6. eScan findet Ad/Spyware
    Plagegeister aller Art und deren Bekämpfung - 21.03.2006 (18)
  7. escan hat spyware gefunden und nun?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2006 (2)
  8. escan: 2 mal spyware/adware gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.11.2005 (4)
  9. Altnet Spyware?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2005 (8)
  10. W98 escan AltNet
    Log-Analyse und Auswertung - 30.07.2005 (1)
  11. AltNet Spyware/Adware
    Plagegeister aller Art und deren Bekämpfung - 26.07.2005 (1)
  12. eScan meldet 4 Viren...
    Plagegeister aller Art und deren Bekämpfung - 20.07.2005 (1)
  13. eScan meldet spyware in system file
    Log-Analyse und Auswertung - 13.07.2005 (3)
  14. Alexa und AltNet Spyware gefunden, Hilfe bitte!
    Plagegeister aller Art und deren Bekämpfung - 04.07.2005 (1)
  15. EScan Fehlalarm: 180Solution und VX2 - Keine Spyware !!!!
    Log-Analyse und Auswertung - 11.04.2005 (8)
  16. escan meldet diesen Befund
    Log-Analyse und Auswertung - 18.03.2005 (1)
  17. eScan meldet 111 Virus(es) Found...
    Plagegeister aller Art und deren Bekämpfung - 31.01.2005 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Escan meldet AltNet Spyware - Hallo Leude, habe mal wieder mein System gecheckt. Weder Adaware,Spybot,A2 noch AntiVir brachten dabei eine Meldung. Nur der Escan hat folgenden Fund gemeldet: Mon May 23 17:09:32 2005 => ***** - Escan meldet AltNet Spyware...
Archiv
Du betrachtest: Escan meldet AltNet Spyware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55