hi leute!! escan fand BkCln.Unknown auf meinem pc. jedes mal wenn ich den pc neustarte vermehrt sich die zahl der angesteckten dateien. hab systemwiederherstellung deaktiviert und bin im AM.

hier ist mein log (AM):
Logfile of HijackThis v1.99.1
Scan saved at 22:37:43, on 10.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118842140218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118842101984
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab36385.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FA313AC-EA77-411A-B464-B159EAF96015}: NameServer = 195.34.133.13,195.34.133.14
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

was soll ich tun?
_____________
Anm.
Aktive Links editiert!
Beachte zukünftig die Hinweise dieser Anleitung: HiJackThis.


LG Cidre
S-Mod TB

ah ja und wenn ich versuche die infizierten dateien in AM zu loeschen kommt bei mir raus: datei kann nicht gelöscht werden: die quelldatei oder vom quelldatenträger kann nicht gelesen werden

Hallo,

poste doch mal die genauen Pfadangaben (Stichwort: Find.bat) zu den einzelnen Funden. Eventuell kann man anschließend mehr dazu sagen.

uhm... ich kann find.bat nicht finden. wo ungefaehr befindet er sich?

die muss man doch runterladen. die ist in der find.rar
steht alles sehr gut erklärt in der Anleitung an die du dich ja hoffentlich gehalten hast

Hier noch mal der Link zu eScan, der in diesem Thread noch nicht zu finden ist.

danke fuer die schnelle antworten escan scannt gerade... poste die results bald...

noch ein wenig geduld....

Du scannst schon im abgesicherten Modus, oder?

ja klar. AM ist das einzige was noch einwandfrei arbeitet.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde fьr "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Mon Sep 12 21:51:52 2005 => C:\RECYCLER\NPROTECT\00415645. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:52 2005 => File C:\RECYCLER\NPROTECT\00415645. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:52 2005 => C:\RECYCLER\NPROTECT\00415647. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:52 2005 => File C:\RECYCLER\NPROTECT\00415647. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:52 2005 => C:\RECYCLER\NPROTECT\00415675. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:52 2005 => File C:\RECYCLER\NPROTECT\00415675. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:52 2005 => C:\RECYCLER\NPROTECT\00415703. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:52 2005 => File C:\RECYCLER\NPROTECT\00415703. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415705. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415705. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415776. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415776. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415787. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415787. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415790. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415790. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415845. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415845. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415846. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415846. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415847. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415847. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415854. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415854. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415858. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415858. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00415871. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00415871. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:53 2005 => C:\RECYCLER\NPROTECT\00416002. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:53 2005 => File C:\RECYCLER\NPROTECT\00416002. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416030. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416030. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416032. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416032. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416103. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416103. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416114. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416114. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416117. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416117. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416172. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416172. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416173. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416173. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416174. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416174. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416181. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416181. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416185. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:54 2005 => File C:\RECYCLER\NPROTECT\00416185. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 21:51:54 2005 => C:\RECYCLER\NPROTECT\00416198. possibly infected and removed by background antivirus package!
Mon Sep 12 21:51:55 2005 => File C:\RECYCLER\NPROTECT\00416198. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Mon Sep 12 22:14:34 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Funde fьr "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
Mon Sep 12 22:14:34 2005 => Total Virus(es) Found: 26
Mon Sep 12 22:14:34 2005 => Total Errors: 191
Mon Sep 12 22:14:34 2005 => Time Elapsed: 00:44:42
Mon Sep 12 22:14:34 2005 => Total Objects Scanned: 61692
Mon Sep 12 21:28:53 2005 => Virus Database Date: 2005/09/01
Mon Sep 12 21:29:40 2005 => Virus Database Date: 2005/09/01
Mon Sep 12 22:14:34 2005 => Virus Database Date: 2005/09/01
Mon Sep 12 22:25:10 2005 => Virus Database Date: 2005/09/01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

ist das richtig?

Hab mit allen Mitteln versucht die Dateien zu loeschen. Auch durch KillBox und cmd und RD/ S. Klappt nicht. Gibt mir nur die Fehlermeldung an> Das System kann die angegebene Datei nicht finden.
Wie soll ich sie loeschen?

Zitat:

Zitat von chocolatte

Wie soll ich sie loeschen?

Mit dem Programm, was sie erstellt hat: Norton Antivirus.

Gruß
Yopie