Ich habe escan laufen lassen und folgendes gefunden:

Mon Sep 13 00:17:14 2004 => File C:\Programme\hijackthis1982\backups\backup-20040912-234152-360.dll infected by "not-a-virus:AdvWare.Winad" Virus. Action Taken: File Renamed.

:40:29 2005 => File C:\WINDOWS\System32\EGCOMSERVICE2.dll infected by "Trojan.Win32.Dialer.fr" Virus. Action Taken: File Deleted.

Mon Feb 21 04:14:04 2005 => File C:\Programme\Sonic\Express Labeler\stax.DEU infected by "Trojan-Downloader.Win32.Delf.au" Virus. Action Taken: File Deleted.

Mon Feb 21 04:24:45 2005 => File C:\System Volume Information\_restore{A5724DF5-44AE-4026-9D53-F151DCDA940D}\RP122\A0006618.dll infected by "Trojan.Win32.Dialer.fr" Virus. Action Taken: File Deleted.

Mon Feb 21 04:49:10 2005 => Total Number of Files Scanned: 63633
Mon Feb 21 04:49:10 2005 => Total Number of Virus(es) Found: 9
Mon Feb 21 04:49:10 2005 => Total Number of Disinfected Files: 0
Mon Feb 21 04:49:10 2005 => Total Number of Files Renamed: 0
Mon Feb 21 04:49:10 2005 => Total Number of Deleted Files: 3
Mon Feb 21 04:49:10 2005 => Total Number of Errors: 1
Mon Feb 21 04:49:10 2005 => Time Elapsed: 01:09:19
Mon Feb 21 04:49:10 2005 => Virus Database Date: 2005/02/21
Mon Feb 21 04:49:10 2005 => Virus Database Count: 118965

Kann ich irgendwo bei escan einstellen, dass es nicht von selbst infizierte Dateien löscht oder umbenennt?

HijackLog:
Logfile of HijackThis v1.99.1
Scan saved at 01:29:52, on 23.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis 2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://internet.sunrise.ch/de/hom/default.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programme\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: AutoTBar.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://internet.sunrise.ch/de/hom/default.asp
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Programme\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe


Vielen Dank schon jetzt.

Gruss
Marion

@marion.ch
Beachte, dass der eScan ab Version 4.5.1 gefundene Malware nicht löscht.
Zitat Cidre

du hast noch den alte version der automatisch löscht was es findet.
der aktuelle version macht das nicht.
es beides vor -und nachteile
escan neu download

chaosman