Pests of all kinds and how to fight them: to understand the escan log ... Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
to understand the escan log ...

... I'll just post my result here ... should be clean -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Sep 29 18:44:47 2005 => System found infected with clipgenie Spyware/Adware (channels.ini)! Action taken: No Action Taken.
Thu Sep 29 18:59:14 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Thu Sep 29 19:48:03 2005 => Scanning Folder: F:\Programme\AVPersonal\INFECTED\*.*
Thu Sep 29 20:18:15 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Sep 29 18:42:20 2005 => Offending Key found: HKLM\Software\kazaa !!!
Thu Sep 29 18:44:32 2005 => Offending Key found: HKCU\Software\kazaa !!!
Thu Sep 29 18:44:32 2005 => Offending Key found: HKCU\Software\VB and VBA Program Settings\roulette !!!
Thu Sep 29 18:44:33 2005 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\etraffic !!!
Thu Sep 29 18:44:33 2005 => Offending Key found: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\savenow !!!
Thu Sep 29 18:44:36 2005 => Offending Folder found: C:\Dokumente und Einstellungen\cotton(B)\Anwendungsdaten\opera\opera\profile\toolbar
Thu Sep 29 18:44:47 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gtek\gtupdate\aupdate\channels\channels.ini
Thu Sep 29 20:18:15 2005 => Total Virus(es) Found: 7
Thu Sep 29 20:18:15 2005 => Total Errors: 102
Thu Sep 29 20:18:15 2005 => Time Elapsed: 01:35:43
Thu Sep 29 20:18:15 2005 => Total Objects Scanned: 72135
Thu Sep 29 18:39:47 2005 => Virus Database Date: 2005/09/29
Thu Sep 29 20:18:15 2005 => Virus Database Date: 2005/09/29
Thu Sep 29 20:31:46 2005 => Virus Database Date: 2005/09/29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

but I don't understand "total virus found 7" and the errors then ...

and during the scan the escan window showed:

(virus log information)
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ace club casino Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "topmoxie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu/savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "clipgenie Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Resource\CMap\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Resource\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 6.0\Resource\Font\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\DEU\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".afx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".H0". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".H0°". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jpg@01C585A9[1]". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MMMxxx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MM_". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".vu". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Dr. Hardware 2004 5.5.0d". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "hp deskjet 840c series". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hühner Frikassee Demo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Lauge - Browser für eBay_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Light Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MAGIX music maker generation 6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MAGIX music studio generation 6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SaveNow". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SiSoftware Sandra Lite 2005.SR1_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sonic Adventures: Sunset Coast_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Super Mario Epic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WaveLabDemo". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Zoggi". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0647DF88-9894-4E50-8137-81E24A33BED4}" refers to invalid object "C:\Programme\Gemeinsame Dateien\G DATA\ObjBrwse.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0AD95878-DE16-4C4C-BE87-9C05EE09B244}" refers to invalid object "C:\Programme\Gemeinsame Dateien\G DATA\ObjBrwse.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63E6BE14-A742-4EEA-8AF3-0EC39F10F850}" refers to invalid object "C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9F5A98E6-BB35-4A8D-A759-9D18BCCA85A0}" refers to invalid object "C:\Programme\Gemeinsame Dateien\G DATA\ObjBrwse.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A2D4475B-C9AA-48E2-A029-1DB829DACF7B}" refers to invalid object "C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFD07A5E-3E20-4D77-825C-2F6D1A50BE5B}" refers to invalid object "C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9A68884-3E75-476F-977A-5D572244C6D2}" refers to invalid object "C:\Programme\Gemeinsame Dateien\G DATA\ObjBrwse.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3476FAB2-687F-4EA6-9AC2-88D72DC7D7FC}" refers to invalid object "C:\Programme\Google\Google Earth\GoogleEarth.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5E6ADDDD-2CE8-4637-BD34-F45CAB5399A9}" refers to invalid object "C:\Programme\Gemeinsame Dateien\G DATA\ObjBrwse.dll". Action Taken: No Action Taken.
Entry "HKCR\MMM6.Document\shell\open\command" refers to invalid object "C:\PROGRA~1\MAGIXM~1\MUSICM~1.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Sampli3.Document\shell\open\command" refers to invalid object "C:\MAGIX\msg6std\AudStu.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\sid_auto_file\shell\open\command" refers to invalid object ""C:\Dokumente und Einstellungen\cotton(B)\Desktop\TinySid.exe" "%1"". Action Taken: No Action Taken.

The part marked in red is strange. I thought I had actually removed topmoxie and savenow ...

and the "$$$" has been in C: on my machine since escan.

But before I ask anything more, I'll first wait and see what you say about it ...

Thanks in advance for looking it over ...

PS: if I've posted too much/unnecessary stuff, I'll edit it out ...