Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Post eines E-Scan "logs" (Was muss ich noch tun??)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.12.2005, 16:04   #1
Venkman
 
Post eines E-Scan "logs" (Was muss ich noch tun??) - Standard

Post eines E-Scan "logs" (Was muss ich noch tun??)



So das hier stand inn dem Fenster von E-scan.
Ich hoffe das reicht ansonsten würde ich noch den log posten.
Da ich schonmal ein ähnliches Problem hatte, habe ich mit Total Commander bereicts die beiden Ordner von Thunderbird gelöscht. ICh hoffe das war richtig und nich zu voreillig.
Meine Frage nun, muss noch was getan werden ??

Hier die Daten aus den "Virus detected- Fenster" von e-scan:

Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.sidefinder Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nld.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Sve.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esl.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_esp.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ita.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_nld.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_ptg.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_sve.chm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HL-1430" refers to invalid object ".\HL-1430". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe" refers to invalid object "C:\Programme\REALTEK Semiconductor Corporation\REALTEK Gigabit and Fast Ethernet NIC Driver\setup.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\VIA Audio Driver" refers to invalid object ".\VIA Audio Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\Personal Firewall 4\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\Daniel\Startmenü\Programme\Kerio\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Intel PROSet Wireless\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mfl". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rdf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rlg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sad". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8DD86BF7-28B3-4CE9-88AE-E6EC790CAECA}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DE506B9-4320-11d3-8E42-002035221EDA}" refers to invalid object "\tcshellex.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A8482EAF-A1F3-4934-AE3F-56EB195A50BF}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DDE0825B-6ADA-4AB8-A128-CEB218AF447C}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5AABBE72-E7C3-40F7-9C01-C11BA4501B54}" refers to invalid object "E:\bin\activex.ocx". Action Taken: No Action Taken.
Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken.
Entry "HKCR\MyGlobalSearchBar.ToolbarPlugin.1" refers to invalid object "{EF281620-A3A3-4f08-874F-D68CFC9B7945}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\RTCIMSP.RTCIMService.1" refers to invalid object "{83D4679F-B6D7-11D2-BF36-00C04FB90A03}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\******\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken.
File C:\Dokumente und Einstellungen\******l\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken.
File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.




Schonmal Danke in vorraus.

Greetz


P.S.: Ich hoffe ich habe sonst alles richtig gemacht
Ich nutze Win XP Prof. mitr SP 2
Daniel
__________________
Danke für alles!!!

Mfg Venkman

P.S. bleibt sauber

Alt 03.12.2005, 16:36   #2
chaosman
 
Post eines E-Scan "logs" (Was muss ich noch tun??) - Standard

Post eines E-Scan "logs" (Was muss ich noch tun??)



@Venkman
um es etwas übersichtlicher zu machen, poste dein escan logfile wie hier beschrieben wird.
anleitung

chaosman
__________________

__________________

Alt 03.12.2005, 17:41   #3
Venkman
 
Post eines E-Scan "logs" (Was muss ich noch tun??) - Standard

Post eines E-Scan "logs" (Was muss ich noch tun??)



So hier bitte, hoffe es is so besser (man verzeihe mir ) ^^

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:31:56 2005 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.
Sat Dec 03 14:32:00 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:01 2005 => System found infected with whenu.savenow Spyware/Adware (common[1].js)! Action taken: No Action Taken.
Sat Dec 03 14:32:02 2005 => System found infected with whenu.sidefinder Spyware/Adware (search.html)! Action taken: No Action Taken.
Sat Dec 03 14:33:23 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Inbox infected by "Backdoor.Win32.Agent.nc" Virus! Action Taken: No Action Taken.
Sat Dec 03 14:33:24 2005 => File C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Thunderbird\Profiles\3stgqalf.default\Mail\Local Folders\Junk infected by "Trojan-Dropper.Win32.Agent.uo" Virus! Action Taken: No Action Taken.
Sat Dec 03 14:40:59 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\BAD_RELIGION___INFECTED.MP3
Sat Dec 03 15:24:35 2005 => Scanning File D:\Mp3 Dateien\Bartezz - Infected.mp3
Sat Dec 03 15:37:47 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponent.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHelper.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedComponentHolder.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfile.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHelper.html
Sat Dec 03 14:49:08 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\class-use\TaggedProfileHolder.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponent.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHelper.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedComponentHolder.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfile.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHelper.html
Sat Dec 03 14:49:10 2005 => Scanning File C:\Programme\Java\jdk1.5.0_01\doc\docs\api\org\omg\IOP\TaggedProfileHolder.html
Sat Dec 03 14:59:12 2005 => File C:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Sat Dec 03 15:20:20 2005 => File D:\Downloads\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sat Dec 03 14:31:57 2005 => Offending Key found: HKLM\Software\limewire !!!
Sat Dec 03 14:31:58 2005 => Offending Folder found: C:\Programme\limewire
Sat Dec 03 14:32:00 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\gvc92fav\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\m1abwxsb\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\blank[1].htm
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\slodahwt\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\temporary internet files\content.ie5\wr45kp4x\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\gvc92fav\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\m1abwxsb\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\blank[1].htm
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\slodahwt\common[1].js
Sat Dec 03 14:32:01 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Temporary Internet Files\content.ie5\wr45kp4x\common[1].js
Sat Dec 03 14:32:02 2005 => Offending file found: C:\Dokumente und Einstellungen\Daniel\Eigene Dateien\javabuch 4\hjp4\html\search.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Dec 03 15:37:47 2005 => Total Virus(es) Found: 21
Sat Dec 03 15:37:47 2005 => Total Errors: 95
Sat Dec 03 15:37:47 2005 => Time Elapsed: 01:08:19
Sat Dec 03 15:37:47 2005 => Total Objects Scanned: 77889
Sat Dec 03 14:28:10 2005 => Virus Database Date: 2005/12/02
Sat Dec 03 14:28:37 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 15:37:47 2005 => Virus Database Date: 2005/12/03
Sat Dec 03 15:49:57 2005 => Virus Database Date: 2005/12/03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
__________________
__________________

Alt 05.12.2005, 10:10   #4
Venkman
 
Post eines E-Scan "logs" (Was muss ich noch tun??) - Standard

Post eines E-Scan "logs" (Was muss ich noch tun??)



Also ich hab mit e-scan nochmal meinen Thunderbird Ordner gescannt und trotz mehrmaligen löschens im Abgesicherten Modus sind die Infizierten Dateien immer noch da!!!
Was kann bzw soll ich jetzt machen will nich formatiern da ich meine E-mails gerne behalten will.

Brauche also dringend Hilfe, bitte.

Danke
__________________
Danke für alles!!!

Mfg Venkman

P.S. bleibt sauber

Antwort

Themen zu Post eines E-Scan "logs" (Was muss ich noch tun??)
audio, danke, driver, einstellungen, explorer, file, firewall, frage, gen, infected, limewire, log, microsoft, not-a-virus, ordner, problem, programme, realtek, software, system, system32, total, total commander, virus, win xp, windows, wireless




Ähnliche Themen: Post eines E-Scan "logs" (Was muss ich noch tun??)


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. "Fehler: Server nicht gefunden" immer noch nach "WAJAM.A.1"-Befall
    Plagegeister aller Art und deren Bekämpfung - 05.11.2014 (15)
  3. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  4. da warens nur noch 3: "assembly\GAC_32(64)\Desktop.ini" & "Fehlercode 0x80070424"
    Plagegeister aller Art und deren Bekämpfung - 02.10.2013 (17)
  5. Trojaner gefunden / "Post sendung abholen" Targobank Trojaner"
    Log-Analyse und Auswertung - 19.01.2013 (2)
  6. Virus "Deutsche Post" Aufforderung zur Sendungsabholung
    Log-Analyse und Auswertung - 30.12.2012 (33)
  7. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  8. Deutsche Post - "Paket abholen" - Datenrettung möglich?
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (11)
  9. PC eingefroren nach öffnen der .zip Datei von der "Deutschen Post"
    Log-Analyse und Auswertung - 13.11.2012 (7)
  10. Laptop blockiert / Weißes Bild / "Es besteht noch keine Verbindung zum Internet" + OTL Logs
    Log-Analyse und Auswertung - 09.07.2012 (1)
  11. Trotz Anti-Malware-Scan immer noch "TR/ATRAPS.Gen"
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  12. "Deutsche Post.Sie mussen eine Postsendung abholen"
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  13. "System Tool", Scan gestartet hat bei "Scanning Useres StartMenue..." hängen
    Plagegeister aller Art und deren Bekämpfung - 14.01.2011 (1)
  14. Rogue-Malware "EASY SCAN" alias "HDD Low" Problem beseitigt?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2010 (9)
  15. "Do a System Scan" - Nach Aufruf eines nicht vorhandenen Verzeichnisses.
    Log-Analyse und Auswertung - 29.05.2010 (3)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. eTrust fand "einen" Trojaner, danach AntiVir noch "vier"..!!??
    Plagegeister aller Art und deren Bekämpfung - 26.12.2005 (5)

Zum Thema Post eines E-Scan "logs" (Was muss ich noch tun??) - So das hier stand inn dem Fenster von E-scan. Ich hoffe das reicht ansonsten würde ich noch den log posten. Da ich schonmal ein ähnliches Problem hatte, habe ich mit - Post eines E-Scan "logs" (Was muss ich noch tun??)...
Archiv
Du betrachtest: Post eines E-Scan "logs" (Was muss ich noch tun??) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.