Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Post eines E-Scan "logs" (Was muss ich noch tun??) (https://www.trojaner-board.de/24208-post-e-scan-logs-noch-tun.html)

Venkman 03.12.2005 16:04
Post eines E-Scan "logs" (Was muss ich noch tun??)
 
So das hier stand inn dem Fenster von E-scan.
Ich hoffe das reicht ansonsten würde ich noch den log posten.
Da ich schonmal ein ähnliches Problem hatte, habe ich mit Total Commander bereicts die beiden Ordner von Thunderbird gelöscht. ICh hoffe das war richtig und nich zu voreillig.
Meine Frage nun, muss noch was getan werden ??

Hier die Daten aus den "Virus detected- Fenster" von e-scan:

Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HL-1430" refers to invalid object ".\HL-1430". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VIA Audio Driver" refers to invalid object ".\VIA Audio Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\Personal Firewall 4\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Intel PROSet Wireless\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mfl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rdf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rlg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sad". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DE506B9-4320-11d3-8E42-002035221EDA}" refers to invalid object "\tcshellex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8482EAF-A1F3-4934-AE3F-56EB195A50BF}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DDE0825B-6ADA-4AB8-A128-CEB218AF447C}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5AABBE72-E7C3-40F7-9C01-C11BA4501B54}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken.
Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin.1" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\******\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\******l\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken.
File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.




Schonmal Danke in vorraus.

Greetz


P.S.: Ich hoffe ich habe sonst alles richtig gemacht
Ich nutze Win XP Prof. mitr SP 2
Daniel

chaosman 03.12.2005 16:36
@Venkman
um es etwas übersichtlicher zu machen, poste dein escan logfile wie hier beschrieben wird.
anleitung

chaosman

Venkman 03.12.2005 17:41
So hier bitte, hoffe es is so besser (man verzeihe mir ) ^^

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:31:56 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 03 14:32:00 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:02 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.
Sat Dec 03 14:33:23 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken.
Sat Dec 03 14:33:24 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken.
Sat Dec 03 14:40:59 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\BAD_RELIGION___INFECTED.MP3
Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\Bartezz - Infected.mp3
Sat Dec 03 15:37:47 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponent.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHelper.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHolder.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfile.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHelper.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHolder.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponent.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHelper.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHolder.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfile.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHelper.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHolder.html
Sat Dec 03 14:59:12 2005 => File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Dec 03 15:20:20 2005 => File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\limewire !!!
Sat Dec 03 14:31:58 2005 => Offending Folder found: C:\Programme\limewire
Sat Dec 03 14:32:00 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\gvc92fav\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\m1abwxsb\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\blank[1].htm
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\wr45kp4x\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\gvc92fav\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\m1abwxsb\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\blank[1].htm
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\wr45kp4x\common[1].js
Sat Dec 03 14:32:02 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 15:37:47 2005 => Total Virus(es) Found: 21
Sat Dec 03 15:37:47 2005 => Total Errors: 95
Sat Dec 03 15:37:47 2005 => Time Elapsed: 01:08:19
Sat Dec 03 15:37:47 2005 => Total Objects Scanned: 77889
Sat Dec 03 14:28:10 2005 => Virus Database Date: 2005/12/02
Sat Dec 03 14:28:37 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 15:37:47 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 15:49:57 2005 => Virus Database Date: 2005/12/03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

Venkman 05.12.2005 10:10
Also ich hab mit e-scan nochmal meinen Thunderbird Ordner gescannt und trotz mehrmaligen löschens im Abgesicherten Modus sind die Infizierten Dateien immer noch da!!!
Was kann bzw soll ich jetzt machen will nich formatiern da ich meine E-mails gerne behalten will.

Brauche also dringend Hilfe, bitte.

Danke


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:58 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131