Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   eScan anschauen bitte (https://www.trojaner-board.de/12829-escan-anschauen-bitte.html)

Frogga 26.01.2005 21:00
eScan anschauen bitte
 
Mein Ablauf:

Hijackthis gemacht und für "rein" empfunden...

dann hab ich escan angemacht und nach ca 40 min abgebrochen und clear progs gemacht...

jetzt hab ich dann nochmal nen kompletten escan gemacht und das kam raus...


File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038445.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038446.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038466.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038467.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038472.exe infected by "Trojan.Win32.StartPage.lj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038480.exe infected by "TrojanDropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038482.exe infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038483.com infected by "TrojanDropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038485.exe infected by "TrojanDropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038498.exe infected by "Trojan.Win32.StartPage.lj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP145\A0038507.exe infected by "not-a-virus:AdWare.BiSpy.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP156\A0038947.dll infected by "not-a-virus:AdWare.ToolBar.FreeComm.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP169\A0042573.exe infected by "not-a-virus:Porn-Dialer.Win32.Intexdial" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042608.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042611.dll infected by "not-a-virus:AdWare.BrilliantDigital.1007" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042628.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042629.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042630.exe infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042634.dll infected by "not-a-virus:AdWare.Altnet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042637.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP192\A0047968.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP193\A0047973.exe infected by "not-a-virus:AdWare.BiSpy.q" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP193\A0047978.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP193\A0047979.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP194\A0048028.exe infected by "Trojan.Win32.StartPage.lj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP194\A0048052.dll infected by "Trojan.Win32.StartPage.lj" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP194\A0048053.dll infected by "not-a-virus:AdWare.BiSpy.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pdfmgr.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pdfrpt00.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\rundll32\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File C:\WINDOWS\system32\rundll32\svchost.exe tagged as not-a-virus:RiskWare.mIRC.6.0. No Action Taken.
File E:\Downloads\DivX521XP2K.exe infected by "Trojan-Dropper.Win32.Agent.el" Virus. Action Taken: No Action Taken.
File E:\Downloads\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Taken.
File E:\Programme\AVPersonal\INFECTED\MSMSGSVC.VIR infected by "TrojanDropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File E:\Programme\AVPersonal\INFECTED\MSMSGSVC.VIR00 infected by "TrojanDropper.Win32.Small.lx" Virus. Action Taken: No Action Taken.
File E:\Programme\AVPersonal\INFECTED\updmgr.VIR infected by "TrojanDownloader.Win32.Keenval" Virus. Action Taken: No Action Taken.
File E:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP126\A0031548.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP126\A0031608.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File E:\System Volume Information\_restore{31ADDCA9-F9A1-4BD6-91FD-7D007E068A1D}\RP171\A0042617.dll infected by "not-a-virus:AdWare.Altnet.d" Virus. Action Taken: No Action Taken.




was darf ich löschen und was net??? bitte sagts mir...danke!

Frogga 26.01.2005 22:27
kann keiner helfen?? wäre mir sehr wichtig

Frogga 27.01.2005 08:29
Na, was gibts zu machen??

Shadow 27.01.2005 09:25
Schon mal aufgefallen dass es hier keinen Anspruch auf sofortige Bedienung gibt?
Deaktiviere mal die Systemwiederherstellung
Leere das Quarantäneverzeichnis von Antivir Personal
lösche E:\Downloads\DivX521XP2K.exe ( infected by "Trojan-Dropper.Win32.Agent.el" Virus. )

Ist "nur" AdWare:
File C:\WINDOWS\Downloaded Program Files\pdfmgr.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pdfrpt00.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.

Systemwiederherstellung wieder aktivieren, neuen eScan
(vielleicht habe ich was übersehen)

File E:\Program Files\Altnet\Download Manager\asmps.dll infected by "not-a-virus:AdWare.Altnet.b" Virus. Action Taken: No Action Take

nutzt/willst Du ihn?

Frogga 27.01.2005 20:11
Sry wegen dem Zeitdruck :/

wo deaktiviere/aktiviere ich die systemwiederherstellung?

Frogga 27.01.2005 20:13
Zitat:
Zitat von Shadow

Ist "nur" AdWare:
[/color][/color]File C:\WINDOWS\Downloaded Program Files\pdfmgr.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\pdfrpt00.dll infected by "not-a-virus:AdWare.BHO.MegaSearch.b" Virus. Action Taken: No Action Taken.
[color=Red][color=Black]

das find ich net...

HerrKautz 27.01.2005 20:14
Mal an Eigeninitiative gedacht wie google.de?!

Shadow 27.01.2005 20:16
Zitat:
Zitat von Frogga
Sry wegen dem Zeitdruck :/

wo deaktiviere/aktiviere ich die systemwiederherstellung?
www.bsi.bund.de/av/texte/wiederher_xp.htm

chaosman 27.01.2005 20:18
@Frogga
das find ich net...

Alle dateien anzeigen
Entweder -> Windows Explorer (Win Taste +E) -> "Extras/Ordneroptionen" -> "Ansicht" -> Haken entfernen bei "Geschützte Systemdateien ausblenden (empfohlen)" und "Alle Dateien und Ordner anzeigen" aktivieren -> "OK"


chaosman


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131