Is my system clean?

Hey! E-Scan found the RedV trojan on my machine. I have deleted the file (it was install.dll in the Temp folder), but E-Scan is reporting quite a few errors, i.e. registry entries! Do I need to worry now, or is my system clean again? Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:04:54, on 19.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
D:\Programme\Antivirus\AVGNT.EXE
D:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\E-Scan\TRAYICOS.EXE
D:\PROGRA~1\E-Scan\MAILDISP.EXE
D:\PROGRA~1\E-Scan\SPOOLER.EXE
D:\PROGRA~1\E-Scan\MAILSCAN.EXE
D:\PROGRA~1\E-Scan\kavss.exe
D:\PROGRAMME\ANTIVIRUS\AVGUARD.EXE
D:\Programme\Antivirus\AVWUPSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.exe
D:\Programme\Diskeeper lite\DKService.exe
D:\PROGRA~1\E-Scan\TRAYSSER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Fast.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\****\Desktop\ICONS\1_99_1.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\Antivirus\AVGNT.EXE /min
O4 - HKLM\..\Run: [MBM 5] "D:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [MailScan Dispatcher] "D:\Programme\E-Scan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] D:\PROGRA~1\E-Scan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] D:\PROGRA~1\E-Scan\AVPMWrap.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot\TeaTimer.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://D:\Programme\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://D:\Programme\LeechGet 2003\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://D:\Programme\LeechGet 2003\\Parser.html
O10 - Broken Internet access because of LSP provider 'mwtsp.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{14D0C8A7-6FCB-40F0-B24F-2CDAFDD7EB1D}: NameServer = 217.237.150.225 217.237.150.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{14D0C8A7-6FCB-40F0-B24F-2CDAFDD7EB1D}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\ANTIVIRUS\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\Antivirus\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Programme\Diskeeper lite\DKService.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - D:\PROGRA~1\E-Scan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - D:\PROGRA~1\E-Scan\avpm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programme\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programme\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

And here is the E-Scan log as well (the rest of the log, with the errors):

Mon Dec 19 18:07:55 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Dec 19 18:07:55 2005 => Loading Spyware Signatures from new External Database (Size: 144468).
Mon Dec 19 18:08:44 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Mon Dec 19 18:08:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\amdcpu.exe" refers to invalid object "C:\Programme\AMD\Athlon 64 Processor Driver\amdcpu.exe". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\Dokumente und Einstellungen\Dirty Harry\Desktop\ICONS\hijackthis.exe". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ldm.exe" refers to invalid object "C:\Programme\Logitech\Desktop Messenger\ldm.exe". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".avc". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".awb". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".INK". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rax". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjs". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rjt". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rmj". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rms". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rmx". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rpl". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rsml". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rvx". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Mon Dec 19 18:08:44 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Mon Dec 19 18:08:46 2005 => Entry "HKCR\CLSID\{F2DD9BC5-3851-4766-9F67-A627B3C053DD}" refers to invalid object "C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\BACKWE~1.EXE". Action Taken: No Action Taken.
Mon Dec 19 18:08:46 2005 => Entry "HKCR\TypeLib\{47F59201-8783-11D2-8343-00A0C945A819}" refers to invalid object "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll". Action Taken: No Action Taken.
Mon Dec 19 18:08:46 2005 => Entry "HKCR\TypeLib\{873EFD18-33BC-4E25-921F-EBD42EB51126}" refers to invalid object "E:\DsiN.exe". Action Taken: No Action Taken.
Mon Dec 19 18:08:47 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon Dec 19 18:08:47 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Mon Dec 19 18:08:47 2005 => Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Mon Dec 19 18:08:48 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon Dec 19 18:08:48 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Mon Dec 19 18:08:48 2005 => Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Mon Dec 19 18:08:48 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon Dec 19 18:08:48 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Mon Dec 19 18:08:49 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Mon Dec 19 18:08:49 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Mon Dec 19 18:08:49 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Mon Dec 19 18:08:49 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Mon Dec 19 18:08:49 2005 => ***** Checking for specific ITW Viruses *****
Mon Dec 19 18:08:49 2005 => Checking for Welchia Virus...
Mon Dec 19 18:08:49 2005 => Checking for LovGate Virus...
Mon Dec 19 18:08:49 2005 => Checking for CodeRed Virus...
Mon Dec 19 18:08:49 2005 => Checking for OpaServ Virus...
Mon Dec 19 18:08:49 2005 => Checking for Sobig.e Virus...
Mon Dec 19 18:08:49 2005 => Checking for Winupie Virus...
Mon Dec 19 18:08:49 2005 => Checking for Swen Virus...
Mon Dec 19 18:08:49 2005 => Checking for JS.Fortnight Virus...
Mon Dec 19 18:08:49 2005 => Checking for Novarg Virus...
Mon Dec 19 18:08:49 2005 => Checking for Pagabot Virus...
Mon Dec 19 18:08:49 2005 => Checking for Parite.b Virus...
Mon Dec 19 18:08:49 2005 => Checking for Parite.a Virus...
Mon Dec 19 18:08:49 2005 => Checking for Adware.SeekSeek Virus...
Mon Dec 19 18:08:49 2005 => ***** Scanning complete. *****
Mon Dec 19 18:08:49 2005 => Total Objects Scanned: 18887
Mon Dec 19 18:08:49 2005 => Total Virus(es) Found: 0
Mon Dec 19 18:08:49 2005 => Total Disinfected Files: 0
Mon Dec 19 18:08:49 2005 => Total Files Renamed: 0
Mon Dec 19 18:08:49 2005 => Total Deleted Objects: 0
Mon Dec 19 18:08:49 2005 => Total Errors: 41
Mon Dec 19 18:08:49 2005 => Time Elapsed: 00:01:21
Mon Dec 19 18:08:49 2005 => Virus Database Date: 2005/12/19
Mon Dec 19 18:08:49 2005 => Virus Database Count: 158176
Mon Dec 19 18:08:49 2005 => Scan Completed.

I would be very grateful for any help :) |
Well, I can't place this entry: C:\Dokumente und Einstellungen\****\Desktop\ICONS\1_99_1.exe You could have the file checked online here. |
Quote:
But I just scanned again and it is clean! I'm just worried about the registry entries!? :confused: |
I do have Regseeker! But when I go to "clean registry" there and it picks out various entries for me, can those then be deleted without hesitation? I'm always cautious about deleting registry entries :( |
Hello DirtyHarry, you can delete the "green" findings without hesitation, or note down the "Escan findings" and remove them with "Regseeker". dartus |
Copyright ©2000-2025, Trojaner-Board