OK, good. Finally, let eScan check everything once more, and then that should be it. Unless you still have any problems, of course. |
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\Windows\PLFSetI.exe" not found!
Deletion of file "C:\Windows\PLFSetI.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.

That is the new log from Avenger, and then the one from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:37, on 20.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: SETAUDIO.EXE
O4 - Global Startup: SETRES.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10569 bytes

And then I'll do that as well ^^ |
One last small thing... Also fix the following entries with HijackThis: Quote:
|
Somehow the eScan thing isn't working; I can't get the file downloaded... |
Quote:
|
It seems to be working now after all; it will just take a while. |
So, that is finally finished, and unfortunately another virus was found, but see for yourself:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2008.03.07
Microsoft Windows [Version 6.0.6001]
Bootmodus: Normal
eScan Version: 10.0.5
Sprache: German
C:\Users\Daniel\AppData\Local\Temp\MWAV.LOG
~~~~~~~~~~~ Dateien ~~~~~~~~~~~
~~~~ Infected files ~~~~~~~~~~~
Datei C:\Acer\Empowering Technology\eDataSecurity\nstdata.exe infiziert durch den Virus "NULL.Corrupted"! Maßnahme ergriffen: Keine Maßnahme ergriffen.
~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~
~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~
~~~~~~~~~~~ ~~~~ Spyware (Vorsicht: Oft Fehlalarm!) ~~~~~~~~~~~
eScan AntiVirus und Antispyware Toolkit. Antiviren- und Antispywaredatenbanken werden heruntergeladen...
eScan AntiVirus und Antispyware Toolkit. Scannen Spyware: Deaktiviert
~~~~~~~~~~~ Ordner ~~~~~~~~~~~
~~~~~~~~~~~ Registry ~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~ laufende Prozesse - commandline ~~~~~~~~~~~~~~~~~~~~~~
System Idle Process -
System -
smss.exe -
csrss.exe -
wininit.exe -
csrss.exe -
services.exe -
lsass.exe -
lsm.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
svchost.exe -
audiodg.exe -
SLsvc.exe -
svchost.exe -
winlogon.exe -
svchost.exe -
aawservice.exe -
spoolsv.exe -
svchost.exe -
ALaunchSvc.exe -
ClipInc-Server.exe -
eDSService.exe -
eLockServ.exe -
eNet Service.exe -
IAANTmon.exe -
LSSrvc.exe -
McProxy.exe -
Mcshield.exe -
MobilityService.exe -
MpfSrv.exe -
msksrver.exe -
svchost.exe -
PSIService.exe -
RichVideo.exe -
SAService.exe -
svchost.exe -
svchost.exe -
SearchIndexer.exe -
XAudio.exe -
eRecoveryService.exe -
dwm.exe - "C:\Windows\system32\Dwm.exe"
taskeng.exe - taskeng.exe {90A203BA-19CA-4702-839E-2AEB4CA5BA63}
capuserv.exe -
explorer.exe - C:\Windows\Explorer.EXE
ePowerSvc.exe -
WmiPrvSE.exe -
WmiPrvSE.exe -
unsecapp.exe -
MSASCui.exe - "C:\Program Files\Windows Defender\MSASCui.exe" -hide
SynTPStart.exe - "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
eDSLoader.exe - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe"
eAudio.exe - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
mcagent.exe - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SiteAdv.exe - "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
IAAnotif.exe - "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
RtHDVCpl.exe - "C:\Windows\RtHDVCpl.exe"
rundll32.exe - "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
rundll32.exe - rundll32 NVSVC.DLL,nvsvcInitialize
mcmscsvc.exe -
QtZgAcer.EXE -
SynTPEnh.exe -
PMVService.exe - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
jusched.exe - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RtkBtMnt.exe - C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
sidebar.exe - "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
ehtray.exe - "C:\Windows\ehome\ehtray.exe"
GoogleToolbarNotifier.exe - "C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe"
wmpnscfg.exe - "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Acer.Empowering.Framework.Supervisor.exe - "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe"
wmpnetwk.exe -
taskeng.exe -
ehmsas.exe - C:\Windows\ehome\ehmsas.exe -Embedding
sidebar.exe - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ePower_DMC.exe - "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
SearchProtocolHost.exe -
SearchFilterHost.exe -
cmd.exe - cmd /c ""C:\Users\Daniel\Downloads\find.bat" "
conime.exe - C:\Windows\system32\conime.exe
cscript.exe - cscript C:\escan\prclst.vbs //nologo
~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~
ERROR!!! Invalid Entry {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = epm-po.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
ERROR!!! Invalid Entry ALaunch = C:\Acer\ALaunch\AlaunchClient.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry Corel Photo Downloader = C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\ipinip.sys in SYSTEM\CurrentControlSet\Services\IpInIp. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkflt.sys in SYSTEM\CurrentControlSet\Services\NwlnkFlt. Action Taken: No Action Taken.
ERROR!!! Invalid Entry system32\DRIVERS\nwlnkfwd.sys in SYSTEM\CurrentControlSet\Services\NwlnkFwd. Action Taken: No Action Taken.
ERROR!!! Invalid Entry \SystemRoot\system32\drivers\usbstor.sys in SYSTEM\CurrentControlSet\Services\USBSTOR. Action Taken: No Action Taken.
Result: ERROR!!! File C:\Avenger\backup-20.08.2008-19.45.50,07.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup-20.08.2008-19.45.50,07.zip
Result: ERROR!!! File C:\Avenger\backup.zip: Scanning Failure!!!
ERROR!!! ScanFile fails for C:\Avenger\backup.zip
ERROR!!! ScanFile fails for C:\Boot\BCD
ERROR!!! ScanFile fails for C:\Boot\BCD.LOG
ERROR!!! ScanFile fails for C:\DRV\BTW\Win32\Data1.cab
ERROR!!! ScanFile fails for C:\DRV\BTW\Win64\Data1.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{90120~1\OfficeLR.cab
ERROR!!! ScanFile fails for C:\MSOCache\ALLUSE~1\{91120~1\HomeSrWW.cab
ERROR!!! ScanFile fails for C:\pagefile.sys
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbis.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\Acer GameZone\Jewel Quest Solitaire\vorbisfile.dll is Not Scanned
Result: ERROR!!! File C:\Program Files\ICQ6\ConfigFiles\TopSearches.7z: Scanning Failure!!!
ERROR!!!
ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
ERROR!!! ScanFile fails for C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts:
C:\Windows\System32\drivers\etc\hosts:127.0.0.1 localhost
C:\Windows\System32\drivers\etc\hosts:::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zahl der gescannten Objekte: 105797
Zahl der kritischen Objekte: 1
Zahl der desinfizierten Objekte: 0
Zahl der umbenannten Dateien: 0
Zahl der gelöschten Objekte: 0
Zahl der Fehler: 17
Zeit verstrichen: 00:51:58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Speicherüberprüfung: Aktiviert
Registrierungsdatenbank-Überprüfung: Aktiviert
Überprüfung des Startordners: Aktiviert
Überprüfung des Systemordners: Aktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Laufwerke: Deaktiviert
Überprüfung aller Laufwerke:Aktiviert
Überprüfung der Ordner: Deaktiviert
Batchstart: 21:58:32,19
Batchende: 21:58:46,61 |
OK. Can you upload the file/virus that eScan found to VirusTotal and post a new HJT log? Thanks. I think that was it, though... |
When I try to upload the file to VirusTotal, I get this: 0 bytes size received / Se ha recibido un archivo vacio |
Still doesn't work.... |
At Jotti? |
The same: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file |
What happens if you briefly switch off your guard and your firewall for this step? |
The NULL.Corrupted messages from eScan are worthless --> ignore them. Edit: that does not mean that nstdata.exe is OK. |
Quote:
|
Copyright ©2000-2025, Trojaner-Board