|
Plagegeister aller Art und deren Bekämpfung: Post eines E-Scan "logs" (Was muss ich noch tun??)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.12.2005, 16:04 | #1 |
| Post eines E-Scan "logs" (Was muss ich noch tun??) So das hier stand inn dem Fenster von E-scan. Ich hoffe das reicht ansonsten würde ich noch den log posten. Da ich schonmal ein ähnliches Problem hatte, habe ich mit Total Commander bereicts die beiden Ordner von Thunderbird gelöscht. ICh hoffe das war richtig und nich zu voreillig. Meine Frage nun, muss noch was getan werden ?? Hier die Daten aus den "Virus detected- Fenster" von e-scan: Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken. Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HL-1430" refers to invalid object ".\HL-1430". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver\setup.exe". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VIA Audio Driver" refers to invalid object ".\VIA Audio Driver". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\Personal Firewall 4\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Intel PROSet Wireless\". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mfl". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rdf". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rlg". Action Taken: No Action Taken. Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sad". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}". Action Taken: No Action Taken. Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken. Entry "HKCR\CLSID\{2DE506B9-4320-11d3-8E42-002035221EDA}" refers to invalid object "\tcshellex.dll". Action Taken: No Action Taken. Entry "HKCR\CLSID\{A8482EAF-A1F3-4934-AE3F-56EB195A50BF}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken. Entry "HKCR\CLSID\{DDE0825B-6ADA-4AB8-A128-CEB218AF447C}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken. Entry "HKCR\TypeLib\{5AABBE72-E7C3-40F7-9C01-C11BA4501B54}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken. Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken. Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken. Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken. Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin.1" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken. Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken. Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken. Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\******\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken. File C:\Dokumente und Einstellungen\******l\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken. File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. Schonmal Danke in vorraus. Greetz P.S.: Ich hoffe ich habe sonst alles richtig gemacht Ich nutze Win XP Prof. mitr SP 2 Daniel
__________________ Danke für alles!!! Mfg Venkman P.S. bleibt sauber |
03.12.2005, 17:41 | #3 |
| Post eines E-Scan "logs" (Was muss ich noch tun??) So hier bitte, hoffe es is so besser (man verzeihe mir ) ^^
__________________~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "infected" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Dec 03 14:31:56 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken. Sat Dec 03 14:32:00 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken. Sat Dec 03 14:32:02 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken. Sat Dec 03 14:33:23 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken. Sat Dec 03 14:33:24 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken. Sat Dec 03 14:40:59 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\BAD_RELIGION___INFECTED.MP3 Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\Bartezz - Infected.mp3 Sat Dec 03 15:37:47 2005 => Total Disinfected Files: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "tagged" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponent.html Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHelper.html Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHolder.html Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfile.html Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHelper.html Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHolder.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponent.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHelper.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHolder.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfile.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHelper.html Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHolder.html Sat Dec 03 14:59:12 2005 => File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. Sat Dec 03 15:20:20 2005 => File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Funde für "offending" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!! Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!! Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\limewire !!! Sat Dec 03 14:31:58 2005 => Offending Folder found: C:\Programme\limewire Sat Dec 03 14:32:00 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\gvc92fav\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\m1abwxsb\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\blank[1].htm Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\wr45kp4x\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\gvc92fav\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\m1abwxsb\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\blank[1].htm Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\common[1].js Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\wr45kp4x\common[1].js Sat Dec 03 14:32:02 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sat Dec 03 15:37:47 2005 => Total Virus(es) Found: 21 Sat Dec 03 15:37:47 2005 => Total Errors: 95 Sat Dec 03 15:37:47 2005 => Time Elapsed: 01:08:19 Sat Dec 03 15:37:47 2005 => Total Objects Scanned: 77889 Sat Dec 03 14:28:10 2005 => Virus Database Date: 2005/12/02 Sat Dec 03 14:28:37 2005 => Virus Database Date: 2005/12/03 Sat Dec 03 15:37:47 2005 => Virus Database Date: 2005/12/03 Sat Dec 03 15:49:57 2005 => Virus Database Date: 2005/12/03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~ © Haui ;-) ~~~~~~~ ~~~~~~~ Dank an Cidre ~~~~~~~
__________________ |
05.12.2005, 10:10 | #4 |
| Post eines E-Scan "logs" (Was muss ich noch tun??) Also ich hab mit e-scan nochmal meinen Thunderbird Ordner gescannt und trotz mehrmaligen löschens im Abgesicherten Modus sind die Infizierten Dateien immer noch da!!! Was kann bzw soll ich jetzt machen will nich formatiern da ich meine E-mails gerne behalten will. Brauche also dringend Hilfe, bitte. Danke
__________________ Danke für alles!!! Mfg Venkman P.S. bleibt sauber |
Themen zu Post eines E-Scan "logs" (Was muss ich noch tun??) |
audio, danke, driver, einstellungen, explorer, file, firewall, frage, gen, infected, limewire, log, microsoft, not-a-virus, ordner, problem, programme, realtek, software, system, system32, total, total commander, virus, win xp, windows, wireless |