|
Escan Log - Wie geht es weiter? Hallo zusammen, ich habe mein System laut Anleitung im abgesicherten Modus gescannt und folgende Log mit Hilfe der find.bat erstellt: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Oct 22 19:46:33 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken. Sat Oct 22 19:46:34 2005 => System found infected with flashget Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken. Sat Oct 22 19:46:34 2005 => System found infected with flashget Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken. Sat Oct 22 19:46:34 2005 => System found infected with flashget Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken. Sat Oct 22 19:46:34 2005 => System found infected with flashget Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken. Sat Oct 22 19:46:34 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken. Sat Oct 22 19:46:57 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken. Sat Oct 22 19:47:00 2005 => System found infected with bearshare Spyware/Adware (bearshare downloads.lnk)! Action taken: No Action Taken. Sat Oct 22 19:47:00 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken. Sat Oct 22 19:47:01 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken. Sat Oct 22 19:47:01 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken. Sat Oct 22 19:52:44 2005 => Scanne Verzeichniss: C:\Programme\Eset\infected\*.* Sat Oct 22 19:52:44 2005 => Scanne Datei C:\Programme\Eset\infected\2ZTDFUBA.NQF Sat Oct 22 19:52:44 2005 => Scanne Datei C:\Programme\Eset\infected\2ZTDFUBA.NQI ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Oct 22 19:46:58 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!! Sat Oct 22 19:46:58 2005 => Offending Key found: HKCU\appevents\eventlabels\bearsharechatnotifymsg !!! Sat Oct 22 19:46:58 2005 => Offending Key found: HKCU\appevents\schemes\apps\bearshare !!! Sat Oct 22 19:46:58 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!! Sat Oct 22 19:46:58 2005 => Offending Key found: HKLM\Software\bearshare !!! Sat Oct 22 19:46:58 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!! Sat Oct 22 19:46:58 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!! Sat Oct 22 19:46:59 2005 => Offending Folder found: C:\Programme\bearshare Sat Oct 22 19:46:59 2005 => Offending Folder found: C:\Programme\flashget Sat Oct 22 19:47:00 2005 => Offending file found: C:\Dokumente und Einstellungen\Thorsten\Desktop\bearshare downloads.lnk Sat Oct 22 19:47:00 2005 => Offending file found: C:\Dokumente und Einstellungen\Thorsten\Desktop\bearshare.lnk Sat Oct 22 19:47:01 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare Sat Oct 22 19:47:01 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\flashget Sat Oct 22 19:47:01 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Desktop\internet.lnk Sat Oct 22 19:47:01 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare Sat Oct 22 19:47:01 2005 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\flashget Sat Oct 22 19:47:01 2005 => Offending file found: C:\WINDOWS\iun6002.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ Wie kann ich die Spyware / Malware jetzt beseitigen? Ich meine die Datei iun6002.exe kann ich beim Restart löschen lassen, aber was mach ich mit dem Rest? Danke und Gruß Thorsten |
Also bis auf den folgenden Eintrag, ist meine Logfile jetzt sauber: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mon Oct 24 10:54:01 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken. Mon Oct 24 11:02:34 2005 => Scanning Folder: C:\Programme\Eset\infected\*.* Mon Oct 24 12:03:29 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mon Oct 24 10:54:01 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Desktop\internet.lnk ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mon Oct 24 12:03:29 2005 => Total Virus(es) Found: 1 Mon Oct 24 12:03:30 2005 => Total Errors: 14 Mon Oct 24 12:03:30 2005 => Time Elapsed: 01:09:14 Mon Oct 24 12:03:29 2005 => Total Objects Scanned: 78290 Mon Oct 24 12:03:30 2005 => Virus Database Date: 2005/10/24 Mon Oct 24 13:08:22 2005 => Virus Database Date: 2005/10/24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~ Die Datei "internet.lnk" ist eine Verknüpfung von Firefox, hmm. Kann niemand helfen? |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 01:37 Uhr. |
Copyright ©2000-2025, Trojaner-Board