Trojaner-Board

schneebesen 24.06.2005 13:29

eScan log file
 
Hello everyone,

my problem is that I have scanned the computer with eScan and tried to clean it with eScanCheck and Killbox, but I cannot find a whole series of the eScan warnings on the computer. Consequently I cannot fix them either. According to eScan, most of them are in the registry or file system. What does that mean? :confused:
Could someone take a look at this and give me a hot tip?

Many thanks in advance,

Schneebesen

------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Fri Jun 24 13:07:42 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken.
2: Fri Jun 24 13:07:44 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
3: Fri Jun 24 13:07:44 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
4: Fri Jun 24 13:07:44 2005 => System found infected with AltnetBDE Spyware/Adware (adm4.adm4)! Action taken: No Action Taken.
5: Fri Jun 24 13:07:44 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.adm25)! Action taken: No Action Taken.
6: Fri Jun 24 13:07:44 2005 => System found infected with VX2 Spyware/Adware (vx2.vx2obj)! Action taken: No Action Taken.
7: Fri Jun 24 13:07:44 2005 => System found infected with WhenU Spyware/Adware (wusn)! Action taken: No Action Taken.
8: Fri Jun 24 13:07:51 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
9: Fri Jun 24 13:07:58 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
10: Fri Jun 24 13:07:58 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken.
11: Fri Jun 24 13:44:11 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Fri Jun 24 13:10:09 2005 => File C:\WINDOWS\SYSTEM\PLUGIN.EXE tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
2: Fri Jun 24 13:15:33 2005 => File C:\WINDOWS\TEMP\bde1E8A.TMP\morpheus\projector\bdeplayer\BDESac10.cab tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
3: Fri Jun 24 13:15:34 2005 => File C:\WINDOWS\TEMP\bde1E8A.TMP\morpheus\projector\b3d3100Package.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
4: Fri Jun 24 13:18:37 2005 => File C:\WINDOWS\TEMP\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
5: Fri Jun 24 13:18:40 2005 => File C:\WINDOWS\TEMP\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
6: Fri Jun 24 13:21:37 2005 => File C:\WINDOWS\SYSTEM\PLUGIN.EXE tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
7: Fri Jun 24 13:27:53 2005 => File C:\WINDOWS\TEMP\bde1E8A.TMP\morpheus\projector\bdeplayer\BDESac10.cab tagged as "not-a-virus:AdWare.BrilliantDigital.3120". Action Taken: No Action Taken.
8: Fri Jun 24 13:27:54 2005 => File C:\WINDOWS\TEMP\bde1E8A.TMP\morpheus\projector\b3d3100Package.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
9: Fri Jun 24 13:31:04 2005 => File C:\WINDOWS\TEMP\__unin__.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
10: Fri Jun 24 13:31:07 2005 => File C:\WINDOWS\TEMP\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
11: Fri Jun 24 13:32:39 2005 => File C:\WINDOWS\Downloaded Program Files\plugin.exe tagged as "not-a-virus:Porn-Dialer.Win32.Generic". Action Taken: No Action Taken.
12: Fri Jun 24 13:34:22 2005 => File C:\WINDOWS\bde\bdeclean.exe tagged as "not-a-virus:AdWare.BrilliantDigital.35684". Action Taken: No Action Taken.
13: Fri Jun 24 13:36:18 2005 => File C:\Programme\kazaa_lite_171_deutsch.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
14: Fri Jun 24 13:36:21 2005 => File C:\Programme\Netscape\Communicator\Program\Plugins\nponflow.dll tagged as "not-a-virus:AdWare.OnFlow". Action Taken: No Action Taken.
15: Fri Jun 24 13:37:10 2005 => File C:\Programme\ow32dede512j.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
16: Fri Jun 24 13:37:43 2005 => File C:\Programme\Opera\UnInst\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
17: Fri Jun 24 13:46:51 2005 => File C:\Programme\GDiVX 1.9.0.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
18: Fri Jun 24 13:46:54 2005 => File C:\Programme\Morpheus\setupmorph.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
19: Fri Jun 24 13:46:57 2005 => File C:\Programme\NewDotNet\newdotnet4_50.dll tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
20: Fri Jun 24 13:47:11 2005 => File C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
21: Fri Jun 24 13:47:22 2005 => File C:\Programme\Zone Labs\zlsSetup_55_094_000.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
22: Fri Jun 24 13:47:24 2005 => File C:\Programme\Acoustica-MP3-CD-Burner-Installer-aff_7255.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
23: Fri Jun 24 13:49:36 2005 => File C:\Programme\OutpostInstall.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
24: Fri Jun 24 13:50:31 2005 => File C:\Programme\zaSetup_37_159.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
25: Fri Jun 24 13:50:33 2005 => File C:\Programme\DivX505Bundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
26: Fri Jun 24 13:50:49 2005 => File C:\Programme\Microsoft Nachschlagewerke\Encarta Enzyklopädie\UNINST32.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
27: Fri Jun 24 13:53:14 2005 => File C:\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Fri Jun 24 13:07:11 2005 => ERROR!!! Invalid Entry {D3796116-94D3-4009-96D7-51578411CC7D} = C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OSHDLR.DLL (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: Fri Jun 24 13:07:12 2005 => ERROR!!! Invalid Entry dfueconf = C:\Programme\Eumex 504PC USB\dfueconf.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
3: Fri Jun 24 13:07:13 2005 => ERROR!!! Invalid Entry MiniLog = C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service (in key SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). No Action Taken.
4: Fri Jun 24 13:08:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\PLUGIN~1.CPL". Action Taken: No Action Taken.
5: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\iccsigs.dat". Action Taken: No Action Taken.
6: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\LTIH21TB.DLL". Action Taken: No Action Taken.
7: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Startmenü\Programme\Opera 5\NPSWF32.dll". Action Taken: No Action Taken.
8: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\NSCMPS.DLL". Action Taken: No Action Taken.
9: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\NSERROR.DLL". Action Taken: No Action Taken.
10: Fri Jun 24 13:08:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\smooths.dll". Action Taken: No Action Taken.
11: Fri Jun 24 13:08:16 2005 => Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "C:\WINDOWS\SYSTEM\disktool.dll". Action Taken: No Action Taken.
12: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{438B8ECD-AD2A-11D1-ADEB-0000F87734F0}" refers to invalid object "C:\PROGRAMME\INTERNET EXPLORER\CONNECTION WIZARD\TRIALOC.DLL". Action Taken: No Action Taken.
13: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{34C9990F-CBD7-11D2-AE0E-00C04FAEA83F}" refers to invalid object "C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNSETUP.DLL". Action Taken: No Action Taken.
14: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196}" refers to invalid object "ksqmf.ax". Action Taken: No Action Taken.
15: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{7865A9A1-33A8-11d0-BED9-00A02468FAB6}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
16: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{543EC0D0-6AB7-11d0-BF56-00A02468FAB6}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
17: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{543EC0D1-6AB7-11d0-BF56-00A02468FAB6}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
18: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{2D0A7D70-748C-11d0-9705-00805F8AA8B8}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\EDPREF32.DLL". Action Taken: No Action Taken.
19: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{E8D6B4F0-8B58-11d0-9B63-00805F8ADDDE}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\MNPREF32.DLL". Action Taken: No Action Taken.
20: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{DDF4AB60-8B84-11d0-9B63-00805F8ADDDE}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\MNPREF32.DLL". Action Taken: No Action Taken.
21: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{CC3E2871-43CA-11d0-B6D8-00805F8ADDDE}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\MNPREF32.DLL". Action Taken: No Action Taken.
22: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{CC3E2872-43CA-11d0-B6D8-00805F8ADDDE}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\MNPREF32.DLL". Action Taken: No Action Taken.
23: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{C98D0190-7D81-11d0-BF8D-00A02468FAB6}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
24: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{37B601C0-8AC8-11d0-83AF-00805F8A274D}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
25: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{913A4A20-8EBF-11d0-BFAB-00A02468FAB6}" refers to invalid object "C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\BRPREF32.DLL". Action Taken: No Action Taken.
26: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
27: Fri Jun 24 13:08:17 2005 => Entry "HKCR\CLSID\{BB7DF450-F119-11CD-8465-00AA00425D90}" refers to invalid object "C:\Programme\Microsoft Office\Office\". Action Taken: No Action Taken.
28: Fri Jun 24 13:08:18 2005 => Entry "HKCR\CLSID\{87237560-4332-11d3-B319-0050047402CB}" refers to invalid object "WocShell.dll". Action Taken: No Action Taken.
29: Fri Jun 24 13:08:18 2005 => Entry "HKCR\CLSID\{743DFC10-5096-11d3-B338-0050047402CB}" refers to invalid object "WocShell.dll". Action Taken: No Action Taken.
30: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{0A8B9470-3921-11D3-B1AB-0080C84E9C15}" refers to invalid object "C:\PROGRAMME\CYBERLINK\POWERDVD\CLINET.DLL". Action Taken: No Action Taken.
31: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{82CCD3E0-F71A-11D0-9FE5-00609778AAAA}" refers to invalid object "C:\WINDOWS\SYSTEM\DIVX_C32.AX". Action Taken: No Action Taken.
32: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{598EBA02-B49A-11D2-A1C1-00609778AAAA}" refers to invalid object "C:\WINDOWS\SYSTEM\DIVX_C32.AX". Action Taken: No Action Taken.
33: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{075BB8A1-B7D8-11D2-A1C6-00609778AAAA}" refers to invalid object "C:\WINDOWS\SYSTEM\DIVX_C32.AX". Action Taken: No Action Taken.
34: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{C55A1680-CD5A-11CF-8D29-444553540000}" refers to invalid object "C:\PROGRAMME\GDIVX PLAYER\REGOBJ.DLL". Action Taken: No Action Taken.
35: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{51958169-D5E3-11D1-AA42-0000E842E40A}" refers to invalid object "C:\BDE\NPBDPLAY2.DLL". Action Taken: No Action Taken.
36: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{FACF11A2-5095-11D3-A9DE-00C0268E5C48}" refers to invalid object "E:\PROJEKTE\CD_ROM\ENERGIE DER ZUKUNFT\RUNTIME\MDXEMUL.MOM". Action Taken: No Action Taken.
37: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{86FC1FD1-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "E:\PROJEKTE\CD_ROM\BERLIN2000\RUNTIME\RDXEMUL.MOM". Action Taken: No Action Taken.
38: Fri Jun 24 13:08:19 2005 => Entry "HKCR\CLSID\{86FC1FD3-BCF3-11D1-B76F-58BB04C10000}" refers to invalid object "E:\PROJEKTE\CD_ROM\BERLIN2000\RUNTIME\RDXEMUL.MOM". Action Taken: No Action Taken.
39: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
40: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{6CFC9BA2-FE87-11D2-9DCF-ED29FAFE371D}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
41: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{4F7AE601-0142-11D3-9DCF-89BE4EFB591E}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
42: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{322982E1-0855-11D3-9DCF-DDFB3AB09E18}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
43: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{83C2D7A1-0DE6-11D3-9DCF-9423F1B2561C}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
44: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{53FA8D41-2CDD-11D3-9DD0-D3CD4078982A}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
45: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
46: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
47: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{53FA8D4D-2CDD-11D3-9DD0-D3CD4078982A}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
48: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{53FA8D44-2CDD-11D3-9DD0-D3CD4078982A}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
49: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{EE11629C-36DF-11D3-9DD0-89D6DBBBA800}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
50: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{CA478DA1-3920-11D3-9DD0-8067E4A06603}" refers to invalid object "C:\WINDOWS\SYSTEM\ACTIVESKIN.OCX". Action Taken: No Action Taken.
51: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "D:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
52: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "D:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
53: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "D:\PLAYER\WMMP.EXE". Action Taken: No Action Taken.
54: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{D3796116-94D3-4009-96D7-51578411CC7D}" refers to invalid object "C:\PROGRA~1\AGNITUM\OUTPOS~1.0\OSHDLR.DLL". Action Taken: No Action Taken.
55: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{C355883F-A677-11d3-A773-00C04F68F44E}" refers to invalid object "C:\Programme\Sonic Foundry\Shared Plug-Ins\File Formats\commp3.dll". Action Taken: No Action Taken.
56: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{D2636D9A-A677-11d3-A773-00C04F68F44E}" refers to invalid object "C:\Programme\Sonic Foundry\Sound Forge 5.0\frgkrn.dll". Action Taken: No Action Taken.
57: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}" refers to invalid object "C:\PROGRAM FILES\RXTOOLBAR\RXTOOLBAR.DLL". Action Taken: No Action Taken.
58: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\PROGRAMME\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL". Action Taken: No Action Taken.
59: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}" refers to invalid object "C:\PROGRAMME\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL". Action Taken: No Action Taken.
60: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}" refers to invalid object "C:\PROGRAMME\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL". Action Taken: No Action Taken.
61: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}" refers to invalid object "C:\PROGRAMME\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL". Action Taken: No Action Taken.
62: Fri Jun 24 13:08:20 2005 => Entry "HKCR\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}" refers to invalid object "C:\PROGRAMME\KAZAA\TOPSEARCH.DLL". Action Taken: No Action Taken.
63: Fri Jun 24 13:08:21 2005 => Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
64: Fri Jun 24 13:08:23 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
65: Fri Jun 24 13:08:23 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
66: Fri Jun 24 13:08:23 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
67: Fri Jun 24 13:08:23 2005 => Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
68: Fri Jun 24 13:08:24 2005 => Entry "HKCR\VX2.VX2Obj.1" refers to invalid object "{00000000-5eb9-11d5-9d45-009027c14662}". Action Taken: No Action Taken.
69: Fri Jun 24 13:08:24 2005 => Entry "HKCR\VX2.VX2Obj" refers to invalid object "{00000000-5eb9-11d5-9d45-009027c14662}". Action Taken: No Action Taken.
70: Fri Jun 24 13:08:25 2005 => Entry "HKCR\CorelDRAW.StateChartObject.10" refers to invalid object "{88B40185-1463-11d4-B6C3-009027912773}". Action Taken: No Action Taken.
71: Fri Jun 24 13:08:25 2005 => Entry "HKCR\CorelDRAW.StateChartObject" refers to invalid object "{88B40185-1463-11d4-B6C3-009027912773}". Action Taken: No Action Taken.
72: Fri Jun 24 13:08:27 2005 => Entry "HKCR\ADM25.ADM25.1" refers to invalid object "{1D3BCE37-7834-4579-8169-E67681420A98}". Action Taken: No Action Taken.
73: Fri Jun 24 13:08:27 2005 => Entry "HKCR\ADM4.ADM4.1" refers to invalid object "{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}". Action Taken: No Action Taken.
74: Fri Jun 24 13:43:22 2005 => Result: ERROR!!! File C:\Programme\wzip80g.exe is Not Scanned

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Programme\kazaa_lite_171_deutsch.exe => tagged:Tool.Win32.Reboot.
2: C:\Programme\ow32dede512j.exe => tagged:Tool.Win32.Reboot.
3: C:\Programme\Opera\UnInst\UNWISE.EXE => tagged:Tool.Win32.Reboot.
4: C:\Programme\Morpheus\setupmorph.exe => tagged:Tool.Win32.Reboot.
5: C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe => tagged:Tool.Win32.Reboot.
6: C:\Programme\Zone Labs\zlsSetup_55_094_000.exe => tagged:Tool.Win32.Reboot.
7: C:\Programme\Acoustica-MP3-CD-Burner-Installer-aff_7255.exe => tagged:Tool.Win32.Reboot.
8: C:\Programme\OutpostInstall.exe => tagged:Tool.Win32.Reboot.
9: C:\Programme\zaSetup_37_159.exe => tagged:Tool.Win32.Reboot.
10: C:\Programme\DivX505Bundle.exe => tagged:Tool.Win32.Reboot.
11: C:\Programme\Microsoft Nachschlagewerke\Encarta Enzyklopädie\UNINST32.EXE => tagged:Tool.Win32.Reboot.
12: C:\UNWISE.EXE => tagged:Tool.Win32.Reboot.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Jun 24 13:56:08 2005 => Total Objects Scanned: 58956
Fri Jun 24 13:56:08 2005 => Total Virus(es) Found: 41
Fri Jun 24 13:56:08 2005 => Total Errors: 74
Fri Jun 24 13:56:08 2005 => Virus Database Date: 2005/06/24
Fri Jun 24 13:56:08 2005 => Virus Database Count: 136201
Fri Jun 24 13:57:47 2005 => Virus Database Date: 2005/06/24
Fri Jun 24 13:57:47 2005 => Virus Database Count: 136201

Chris14 24.06.2005 13:37

OK, now an HJT log file is still missing. Create one as described here and post it.

- By the way, you should delete these files:
if you go online via modem, save the file plugin.exe in the folder c:\windows\system32 to a floppy disk to preserve evidence; otherwise the file can be deleted
- download clearprog and install it.
- start clearprog in safe mode, tick "alles löschen" (delete everything), and confirm with "löschen" (delete)
- uninstall new.net via Start/Einstellungen/Systemsteuerung/Software (Start/Settings/Control Panel/Software) and, if necessary, repair your winsocks with lspfix.
(start lspfix, click remove)
- then delete the folders C:\WINDOWS\bde\ and C:\Programme\NewDotNet\


I also see that you have kazaa installed. It is a malware spreader, although there are also lite versions of it.

schneebesen 24.06.2005 14:30

Thanks already!

Here is the HJT log file for now; I will do the rest later.

Regards,

schneebesen

Logfile of HijackThis v1.99.1
Scan saved at 15:27:45, on 24.06.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAMME\FRITZ!\IWATCH.EXE
C:\PROGRAMME\DEXXA\OPTICAL MOUSE\SCW64.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\SMARTSURFER3.0\SMARTSURFER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\WINDOWS MEDIA PLAYER\MPLAYER2.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.werder.de/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://web.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von Lycos Europe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [dfueconf] C:\Programme\Eumex 504PC USB\dfueconf.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Startup: Dexxa Optical Mouse.lnk = C:\Programme\Dexxa\Optical Mouse\Scw64.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe


All times are in WET +1.
