Log analysis and evaluation: e-scan log... please help

01.10.2005, 17:00   #1
hatecrimes

Hi everyone..
I have a big problem with our "shared-flat computer"! Since I'm the only one in our flat share who knows at least a little about this stuff, it's my job to keep the box running. Actually there are no major visible problems...
I constantly check with AntiVir XP, Ad-Aware SE Personal, Spybot - Search & Destroy and CWShredder (plus TuneUp Utilities + RegOptimierer and ClearProg, but I don't think that matters here).
There is no firewall or anything like it, and no Service Pack 2 either, because I once heard somewhere that it isn't good for online gaming...

Now I have run e-scan:

01.10.2005, 17:00   #2
hatecrimes

Sat Oct 01 16:37:43 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Oct 01 16:37:43 2005 => Loading Spyware Signatures from new External Database (Size: 144406).
Sat Oct 01 16:37:45 2005 => Indexed Spyware Databases Successfully Created...

Sat Oct 01 16:38:02 2005 => System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})! Action taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\gnu !!!
Sat Oct 01 16:38:03 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\msbb !!!
Sat Oct 01 16:38:03 2005 => Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\windupdates !!!
Sat Oct 01 16:38:03 2005 => Object "windupdate Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:03 2005 => Offending Key found: HKCU\Software\gnu !!!
Sat Oct 01 16:38:03 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:03 2005 => Offending Key found: HKCU\Software\msbb !!!
Sat Oct 01 16:38:03 2005 => Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\alchem.ini
Sat Oct 01 16:38:05 2005 => System found infected with abetterinternet Spyware/Adware (alchem.ini)! Action taken: No Action Taken.

Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\conscorr.ini
Sat Oct 01 16:38:05 2005 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.

Sat Oct 01 16:38:05 2005 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1
Sat Oct 01 16:38:05 2005 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\System32\msxslab.dll
Sat Oct 01 16:38:05 2005 => System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)! Action taken: No Action Taken.


Sat Oct 01 16:38:15 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\basis.xml". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\bridge.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\bridge.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\jao.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\nav.bmp". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PremiumConnectLoad.ocx". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\QDow_AS2.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\tl7000.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\toolbar.crc". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\version.txt". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\win32.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WUInst.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\EPlugin.ocx". Action Taken: No Action Taken.

Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\LiveService_3.dll". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Robin Hood - DotC\GAMESAVE\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Gemeinsame Dateien\Symantec Shared\Help\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Call of Duty\uo\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Norton AntiVirus\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Hidden & Dangerous 2\Text\english\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Hidden & Dangerous 2\Text\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Hidden & Dangerous 2\Text\english\subtitles\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Sierra\SWAT 4\Content\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Sierra\SWAT 4\Content\System\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Sierra\SWAT 4\Content\Maps\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Sierra\SWAT 4\Content\Classes\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program files\Sierra\SWAT 4\Content\StaticMeshes\". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ad-aware 6 Professional". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "BargainBuddy". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Blitzkrieg". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "bridge". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Call of Duty". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "EliteBar Internet Explorer Toolbar". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "GameSpy Arcade". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hidden & Dangerous 2 SP Demo". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "iexpedition". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB829558". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "localNRD". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA Display Driver". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SearchAssistant Uninstall". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SiSLan". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Doctor_is1". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "T-Online Copas". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Vietcong". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "XBTB00000.XBTB00000IEToolbar". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm Pro". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{511A5609-446A-11D5-9FA6-0060087051D5}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{663DAC6E-AC75-4A07-A94C-11BC1E214AC0}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{83437081-8186-4F63-BD39-4BE8A691E055}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8ADFC4160D694100B5B8A22DE9DCABD9}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{95D1FD8D-9209-4C68-B7E4-95536D21BBD1}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A99968BE-C155-474C-0089-33239DEE1CE2}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C270BC04-1540-4673-960F-A546B2C860CD}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{D1EE91BE-1EE1-4884-94CD-3CAD26463AC6}". Action Taken: No Action Taken.

Sat Oct 01 16:38:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}". Action Taken: No Action Taken.

Sat Oct 01 16:38:17 2005 => Entry "HKCR\CLSID\{31E0DFD7-2621-11D2-AFD7-006097C9A284}" refers to invalid object "E:\Microsoft Office\Office10\1031\MSOHELP.EXE". Action Taken: No Action Taken.

Sat Oct 01 16:38:18 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Oct 01 16:38:18 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Oct 01 16:38:18 2005 => Entry "HKCR\CLSID\{B58C2440-A1A3-11D2-B024-006097C9A284}" refers to invalid object "E:\Microsoft Office\Office10\1031\MSOHELP.EXE". Action Taken: No Action Taken.

Sat Oct 01 16:38:18 2005 => Entry "HKCR\CLSID\{B58C2441-A1A3-11D2-B024-006097C9A284}" refers to invalid object "E:\Microsoft Office\Office10\1031\MSOHELP.EXE". Action Taken: No Action Taken.

Sat Oct 01 16:38:19 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "D:\RUNTIME\mDxEmul.mom". Action Taken: No Action Taken.

Sat Oct 01 16:38:21 2005 => Entry "HKCR\Rar-Archiv\shell\open\command" refers to invalid object ""D:\cock sparrer\WinAce\WinAce.exe" "%1"". Action Taken: No Action Taken.

01.10.2005, 17:01   #3
hatecrimes

Phew, that's quite a lot now... I'll also post my HijackThis log, although I think everything is fine there:

Logfile of HijackThis v1.97.7
Scan saved at 18:02:16, on 01.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\STEFAN~1\LOKALE~1\Temp\kavss.exe
C:\WINDOWS\notepad.exe
C:\Dokumente und Einstellungen\Stefan Ruck\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)


Now my question is:
Is the PC hopelessly infested, or do you still see a chance of getting it "clean" again?!?
If the answer is: wipe the PC, I'd ask for instructions
or a link on how best to do that!!! A few suggestions on how I can avoid such chaos in future would also be helpful...
Big thanks in advance

01.10.2005, 17:16   #4
Expert

@hatecrimes

Download
HijackThis v1.99.1
Your version is old & post your complete HJT log

Regards
Expert

01.10.2005, 17:35   #5
hatecrimes

Logfile of HijackThis v1.99.1
Scan saved at 18:43:33, on 01.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Dokumente und Einstellungen\Stefan Ruck\Eigene Dateien\Meine empfangenen Dateien\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe


01.10.2005, 17:42   #6
chaosman

@hatecrimes
Apart from an outdated OS, there is nothing special to be seen in the logfile.
Post the escan results following these instructions:
http://www.trojaner-board.de/showthread.php?t=17492


chaosman

02.10.2005, 00:01   #7
hatecrimes

Alternatively:
Open 'mwav.log' in the folder 'C:\Bases_X' -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum.
File C:\Programme\AVPersonal\INFECTED\winldra.VIR infected by "Backdoor.Win32.Dumador.bh" Virus!

C:\Programme\AVPersonal\INFECTED\winldra.VIR

File C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR infected by "Backdoor.Win32.Dumador.az" Virus!

C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR

C:\Programme\AVPersonal\INFECTED\*.*

C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)

C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)!

C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)

System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})!

C:\Programme\AVPersonal\INFECTED\winldra.VIR infiziert von "Backdoor.Win32.Dumador.bh" Virus

C:\Programme\AVPersonal\INFECTED\winldra.VIR

C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR infiziert von "Backdoor.Win32.Dumador.az" Virus

C:\Programme\AVPersonal\INFECTED\DVPD.DLL.VIR

C:\Programme\AVPersonal\INFECTED\*.*

C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)

C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)

C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)

System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})

C:\WINDOWS\System32\msxslab.dll
System found infected with coolwebsearch parasite variant Spyware/Adware (msxslab.dll)

C:\WINDOWS\conscorr.ini
System found infected with ezula Spyware/Adware (conscorr.ini)

C:\WINDOWS\alchem.ini
System found infected with abetterinternet Spyware/Adware (alchem.ini)

System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})

Total Objects Scanned: 32393
Total Virus(es) Found: 12
Total Disinfected Files: 0

Hmm.. so there weren't that many after all... they partly repeat.. do I now simply delete them in safe mode???
The ones in the AV Personal folder are actually harmless, aren't they??
How do I delete e.g. something like this --> {d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d} ?
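
An added example, not part of the original thread and not eScan's own code: a Python sketch of the filtering step quoted in post #7 (search the log for hits), extended to collapse repeated hits and to count the "refers to invalid object" registry entries separately from actual detections. The sample lines are copied from the logs posted in this thread; the function name `summarize` and the treatment of `AVPersonal\INFECTED` as AntiVir's quarantine folder are assumptions.

```python
import re
from collections import OrderedDict

# Sample lines copied from the logs posted in this thread (small selection).
SAMPLE_LOG = r'''
Sat Oct 01 16:38:02 2005 => System found infected with istbar Spyware/Adware ({d128e6c8-6ae7-4ecd-939e-e2e6ca7d035d})! Action taken: No Action Taken.
Sat Oct 01 16:38:03 2005 => Offending Key found: HKLM\Software\msbb !!!
Sat Oct 01 16:38:03 2005 => Object "msbb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Oct 01 16:38:05 2005 => Offending file found: C:\WINDOWS\alchem.ini
Sat Oct 01 16:38:05 2005 => System found infected with abetterinternet Spyware/Adware (alchem.ini)! Action taken: No Action Taken.
Sat Oct 01 16:38:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\nav.bmp". Action Taken: No Action Taken.
File C:\Programme\AVPersonal\INFECTED\winldra.VIR infected by "Backdoor.Win32.Dumador.bh" Virus!
C:\Programme\AVPersonal\INFECTED\winldra.VIR infiziert von "Backdoor.Win32.Dumador.bh" Virus
System found infected with abetterinternet Spyware/Adware (alchem.ini)
'''

TIMESTAMP = re.compile(r'^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} => ')
OFFENDING = re.compile(r'Offending (?:Key|file|Folder) found: (?P<obj>.+?)(?: !!!)?$')
SYSTEM = re.compile(r'System found infected with (?P<name>.+?) Spyware/Adware \((?P<obj>[^)]*)\)')
OBJECT = re.compile(r'Object "(?P<name>.+?) Spyware/Adware" found in File System')
FILE = re.compile(r'^(?:File )?(?P<obj>.+?) (?:infected by|infiziert von) "(?P<name>[^"]+)"')
REGISTRY_NOISE = 'refers to invalid object'
# Assumption: this folder is the AntiVir quarantine; files there are stored copies.
QUARANTINE_MARKER = '\\avpersonal\\infected\\'


def summarize(log_text):
    """Return (findings, noise_count) for an eScan-style log.

    findings: list of dicts with name, location, count, quarantined.
    noise_count: number of dangling-registry-reference lines skipped.
    """
    findings = OrderedDict()
    noise = 0
    last_location = None  # path/key from the preceding "Offending ... found" line

    for raw in log_text.splitlines():
        line = TIMESTAMP.sub('', raw.strip())
        if not line:
            continue
        if REGISTRY_NOISE in line:
            noise += 1
            continue
        m = OFFENDING.search(line)
        if m:
            last_location = m.group('obj')
            continue

        key = location = None
        m = SYSTEM.search(line)
        if m:
            short = m.group('obj')
            key = (m.group('name'), short.lower())
            # Prefer the full path reported one line earlier, if it matches.
            if last_location and last_location.lower().endswith(short.lower()):
                location = last_location
            else:
                location = short
        elif OBJECT.search(line):
            name = OBJECT.search(line).group('name')
            location = last_location or '(location not reported)'
            key = (name, location.lower())
        elif FILE.match(line):
            m = FILE.match(line)
            location = m.group('obj')
            key = (m.group('name'), location.lower())

        if key is None:
            continue
        last_location = None
        if key in findings:
            findings[key]['count'] += 1  # repeated hit, same object
        else:
            findings[key] = {
                'name': key[0],
                'location': location,
                'count': 1,
                'quarantined': QUARANTINE_MARKER in location.lower(),
            }
    return list(findings.values()), noise


if __name__ == '__main__':
    hits, skipped = summarize(SAMPLE_LOG)
    for h in hits:
        tag = ' [quarantine copy]' if h['quarantined'] else ''
        print(f"{h['name']:<28} x{h['count']}  {h['location']}{tag}")
    print(f"{skipped} dangling registry reference(s) skipped")
```
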
