Trojaner-Board

Web antivirus program reports 68 infections (https://www.trojaner-board.de/57891-web-antivirenprogramm-zeigt-68-infekte.html)

trojan-death 20.08.2008 18:48

OK, good.

Finally, have eScan check everything once more, and then that should be it.
Unless you still have any problems, of course.

crazaD 20.08.2008 18:52

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Windows\PLFSetI.exe" not found!
Deletion of file "C:\Windows\PLFSetI.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

That is the new log from Avenger, and then the one from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:37, on 20.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10569 bytes

And then I'll do that as well ^^

trojan-death 20.08.2008 19:02

One last small thing...

Also fix the following entries with HijackThis:
Quote:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE

Now that really was it.

crazaD 20.08.2008 19:03

Well, somehow the eScan thing isn't working; I can't get the file to download...

trojan-death 20.08.2008 19:05

Quote:

Quote from crazaD (post 364470)
Well, somehow the eScan thing isn't working; I can't get the file to download...

With none of the links????

crazaD 20.08.2008 19:17

It seems to work now after all, it will just take a while.

crazaD 20.08.2008 21:01

So, it's finally done, and unfortunately another virus was found, but see for yourself:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07

Microsoft Windows [Version 6.0.6001]
Bootmodus: Normal

eScan Version: 10.0.5
Sprache: German
C:\Users\Daniel\AppData\Local\Temp\MWAV.LOG



~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Datei C:\Acer\Empowering Technology\eDataSecurity\nstdata.exe infiziert durch den Virus "NULL.Corrupted"! Maßnahme ergriffen: Keine Maßnahme ergriffen.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Spyware (Vorsicht: Oft Fehlalarm!)
~~~~~~~~~~~
eScan AntiVirus und Antispyware Toolkit.
Antiviren- und Antispywaredatenbanken werden heruntergeladen...
eScan AntiVirus und Antispyware Toolkit.
Scannen Spyware: Deaktiviert
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
laufende Prozesse - commandline
~~~~~~~~~~~~~~~~~~~~~~
System Idle Process -
System -
smss.exe -
csrss.exe -
wininit.exe -
csrss.exe -
services.exe -
lsass.exe -
lsm.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
audiodg.exe -
SLsvc.exe -
svchost.exe -
winlogon.exe -
svchost.exe -
aawservice.exe -
spoolsv.exe -
svchost.exe -
ALaunchSvc.exe -
ClipInc-Server.exe -
eDSService.exe -
eLockServ.exe -
eNet Service.exe -
IAANTmon.exe -
LSSrvc.exe -
McProxy.exe -
Mcshield.exe -
MobilityService.exe -
MpfSrv.exe -
msksrver.exe -
svchost.exe -
PSIService.exe -
RichVideo.exe -
SAService.exe -
svchost.exe -
svchost.exe -
SearchIndexer.exe -
XAudio.exe -
eRecoveryService.exe -
dwm.exe - "C:\Windows\system32\Dwm.exe"
taskeng.exe - taskeng.exe {90A203BA-19CA-4702-839E-2AEB4CA5BA63}
capuserv.exe -
explorer.exe - C:\Windows\Explorer.EXE
ePowerSvc.exe -
WmiPrvSE.exe -
WmiPrvSE.exe -
unsecapp.exe -
MSASCui.exe - "C:\Program Files\Windows Defender\MSASCui.exe" -hide
SynTPStart.exe - "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
eDSLoader.exe - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe"
eAudio.exe - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
mcagent.exe - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SiteAdv.exe - "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
IAAnotif.exe - "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
RtHDVCpl.exe - "C:\Windows\RtHDVCpl.exe"
rundll32.exe - "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rundll32.exe - rundll32 NVSVC.DLL,nvsvcInitialize
mcmscsvc.exe -
QtZgAcer.EXE -
SynTPEnh.exe -
PMVService.exe - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
jusched.exe - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RtkBtMnt.exe - C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
sidebar.exe - "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
ehtray.exe - "C:\Windows\ehome\ehtray.exe"
GoogleToolbarNotifier.exe - "C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe"
wmpnscfg.exe - "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Acer.Empowering.Framework.Supervisor.exe - "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe"
wmpnetwk.exe -
taskeng.exe -
ehmsas.exe - C:\Windows\ehome\ehmsas.exe -Embedding
sidebar.exe - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ePower_DMC.exe - "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
SearchProtocolHost.exe -
SearchFilterHost.exe -
cmd.exe - cmd /c ""C:\Users\Daniel\Downloads\find.bat" "
conime.exe - C:\Windows\system32\conime.exe
cscript.exe - cscript C:\escan\prclst.vbs //nologo
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = epm-po.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
ERROR!!! Invalid Entry ALaunch = C:\Acer\ALaunch\AlaunchClient.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry Corel Photo Downloader = C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\ipinip.sys in SYSTEM\CurrentControlSet\Services\IpInIp. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkflt.sys in SYSTEM\CurrentControlSet\Services\NwlnkFlt. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkfwd.sys in SYSTEM\CurrentControlSet\Services\NwlnkFwd. Action Taken: No Action Taken.
ERROR!!! Invalid Entry \SystemRoot\system32\drivers\usbstor.sys in SYSTEM\CurrentControlSet\Services\USBSTOR. Action Taken: No Action Taken.
Result: ERROR!!! File C:\Avenger\backup-20.08.2008-19.45.50,07.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup-20.08.2008-19.45.50,07.zip
Result: ERROR!!! File C:\Avenger\backup.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup.zip
ERROR!!! ScanFile fails for C:\Boot\BCD
ERROR!!! ScanFile fails for C:\Boot\BCD.LOG
ERROR!!! ScanFile fails for C:\DRV\BTW\Win32\Data1.cab
ERROR!!! ScanFile fails for C:\DRV\BTW\Win64\Data1.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{90120~1\OfficeLR.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{91120~1\HomeSrWW.cab
ERROR!!! ScanFile fails for C:\pagefile.sys
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbis.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbisfile.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearches.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~1.7Z
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearchesDe.7z: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\ICQ6\CONFIG~1\TOPSEA~2.7Z
ERROR!!! ScanFile fails for C:\PROGRA~1\Java\JRE16~1.0_0\lib\rt.jar
Result: ERROR!!! File C:\Program Files\McAfee.com\Agent\uninst\screm.ui: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\PROGRA~1\McAfee.com\Agent\uninst\screm.ui
ERROR!!! ScanFile fails for C:\PROGRA~1\MICROS~3\WKSv7std.sbt
ERROR!!! ScanFile fails for C:\PROGRA~1\WORDPE~1\CabsDE\QPHelp.cab
ERROR!!! ScanFile fails for C:\PROGRA~1\WORDPE~1\CabsDE\WPHelp.cab
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\04ef4e34e7194e72f76d9e9c493e25c2_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0f49fc282f9247d39ace5a894a9d5037_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1628915b70ed0f650d2608bf52c121ac_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\277b3a3b8b6e4c56042a93021c47ace8_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3c0ce322068e84f646b64258576c30e6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\410cfc026ffc6154b174deae05f53d97_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\415f24982f9b321bab21a9823fd21045_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4375e5ff27e83f18d817ee192d3a2a62_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5cb26c2ef1362a33a2adddbb238c9558_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d665b36419868bc18cee842724dabee_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6d8bd5b5485c75d20cb25034acfde890_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76c60010ef8f96bd7f64a0e757eb3688_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7781b9f6eb180bef873b3515b2662e7c_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7ad6cd3d9b6fe9d82d57076ffa518194_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83005110c973782b05cb87fff74b72c9_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\8c2752bbcdd39c802bfb8d8fbdf10089_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aa5d9e46dadff8eaa95cb52ff883558d_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\abfe1c8475ceabadfda0499869ddf4e6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae22551328d3178feabb3c91354dc0a6_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\af269cad715708590394fa858809ac42_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d8ef438f11cd58771cb75a2ce04a01c9_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e2a4cb7a6e7e8498fa7395fca8e1ab39_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e772fe347a73bcdf84d5747b0f99161e_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e776e851497f0c85ef7919fa5084bf72_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ea36f59a7ebbbde9049ec853bfabafe3_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ef8de252f74ed252cba6f22113d7401c_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0f1610fc921ba2ad900405c74dbf8e5_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f3cd3236ad1368417cf1460f8e535012_207d61cd-6a9e-4c7c-9590-35bb89879912
ERROR!!! ScanFile fails for C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb0ee13a6d7db171aa6f24c04ce7289f_207d61cd-6a9e-4c7c-9590-35bb89879912
Result: ERROR!!! File C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0EDJIH2\MCF_Ravenhearst-setup[1].exe is Not Scanned
Result: ERROR!!! File C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0EDJIH2\tiks_texas_holdem-setup[1].exe is Not Scanned
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXN2X5XJ\???????????????
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat
ERROR!!! ScanFile fails for C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
Result: ERROR!!! File C:\Users\Daniel\AppData\Roaming\Engelmann Media\MyTube Downloader\HDX4VideoSites.dll is Not Scanned
ERROR!!! ScanFile fails for C:\Users\Daniel\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Users\Daniel\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
ERROR!!! ScanFile fails for C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\edb.log
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\COMPONENTS.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\DEFAULT.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\COMPONENTS
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\DEFAULT
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\RegBack\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SAM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY
ERROR!!! ScanFile fails for C:\Windows\System32\config\SECURITY.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE
ERROR!!! ScanFile fails for C:\Windows\System32\config\SOFTWARE.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM
ERROR!!! ScanFile fails for C:\Windows\System32\config\SYSTEM.LOG1
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts:
C:\Windows\System32\drivers\etc\hosts:127.0.0.1 localhost
C:\Windows\System32\drivers\etc\hosts:::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 105797
Zahl der kritischen Objekte: 1
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 17
Zeit verstrichen: 00:51:58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Deaktiviert
Überprüfung aller Laufwerke:Aktiviert
Überprüfung der Ordner: Deaktiviert

Batchstart: 21:58:32,19
Batchende: 21:58:46,61

trojan-death 21.08.2008 12:08

OK

Can you upload the file/virus that eScan found to VirusTotal and post a new HJT log? Thanks.

But I think that was it...

crazaD 21.08.2008 12:30

When I try to upload the file to VirusTotal, I get this:

0 bytes size received / Se ha recibido un archivo vacio

crazaD 21.08.2008 18:53

Still not working....

trojan-death 21.08.2008 18:55

On Jotti?

crazaD 21.08.2008 18:59

The same:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

trojan-death 21.08.2008 19:06

What happens if you briefly switch off your guard and your firewall for this step?

erty 21.08.2008 20:59

eScan's NULL.Corrupted messages are worthless --> ignore them

edit:
That is not to say that nstdata.exe is OK.

trojan-death 22.08.2008 21:59

Quote:

Quote from erty (post 364841)
eScan's NULL.Corrupted messages are worthless --> ignore them

edit:
That is not to say that nstdata.exe is OK.

That's why I want him to scan it.


All times are WET +1.
