Und wo ist das mit der find.bat erzeugte Ergebnis des esan.

Zitat:

Zitat von felix1

Und wo ist das mit der find.bat erzeugte Ergebnis des esan.

Hab ich doch gepostet an Stelle Nr. 2:
Das HiJack Logfile hab ich doch beachtet und mit *** editiert

Gruß novedas

XXX hab das MWAV.LOG übersehen, da ist ja noch eins, kann ich das hier überhaupt posten ? das hat 5,71 MB ?

Lese die Anweisungen zur find.bat:

http://www.trojaner-board.de/showthread.php?t=17492

[5]

O.K.
hat geklappt, sieht mit 9 kb schon besser aus.

Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:03:31 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:03:32 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:03:48 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:04:24 2005 => System found infected with popuper Spyware/Adware (popuper.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:24 2005 => System found infected with smitfraud Spyware/Adware (sites.ini)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with conducent flexpak Spyware/Adware (empty.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (intmon.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (msole32.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (ole32vbs.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (shnlog.exe)! Action taken: No Action Taken.
Wed Nov 09 23:36:05 2005 => File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by "HackTool.Win32.CrackSearch.a" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:47:58 2005 => File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc231.so infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:47:58 2005 => File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc232.so infected by "Trojan-Downloader.Win32.Small.bqx" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:07:34 2005 => File C:\WINDOWS\popuper.exe infected by "Trojan.Win32.Puper.bi" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:34 2005 => File C:\WINDOWS\system32\hhk.dll infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:43 2005 => File C:\WINDOWS\system32\intell32.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:43 2005 => File C:\WINDOWS\system32\intmon.exe infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:21 2005 => File C:\WINDOWS\system32\msole32.exe infected by "not-virus:Hoax.Win32.Renos.q" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:43 2005 => File C:\WINDOWS\system32\ole32vbs.exe infected by "Trojan.Win32.Favadd.aj" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:44 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:44 2005 => File C:\WINDOWS\system32\oleext32.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:17:03 2005 => File C:\WINDOWS\system32\prflbmsgp32.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:17:26 2005 => File C:\WINDOWS\system32\shnlog.exe infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:18:23 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:20:07 2005 => File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:23:12 2005 => Total Disinfected Files: 0
Thu Nov 10 19:18:05 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Thu Nov 10 19:18:23 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Thu Nov 10 19:18:53 2005 => System found infected with conducent flexpak Spyware/Adware (empty.exe)! Action taken: No Action Taken.
Thu Nov 10 19:18:53 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Thu Nov 10 19:49:13 2005 => File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by "HackTool.Win32.CrackSearch.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:29:47 2005 => File C:\WINDOWS\system32\oleext32.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:30:07 2005 => File C:\WINDOWS\system32\prflbmsgp32.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:31:28 2005 => File C:\WINDOWS\system32\wininet.old infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:33:15 2005 => File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:36:46 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:17:07 2005 => File C:\Programme\B5APPZ\0004\0004.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
Wed Nov 09 23:34:44 2005 => File C:\Programme\B5APPZ\0048\setup.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.612. No Action Taken.
Wed Nov 09 23:55:23 2005 => File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Thu Nov 10 00:17:05 2005 => File C:\WINDOWS\system32\psexec.exe tagged as not-a-virus:RiskTool.Win32.PsExec.153. No Action Taken.
Thu Nov 10 00:17:05 2005 => File C:\WINDOWS\system32\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.e. No Action Taken.
Thu Nov 10 19:29:59 2005 => File C:\Programme\B5APPZ\0004\0004.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
Thu Nov 10 19:47:51 2005 => File C:\Programme\B5APPZ\0048\setup.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.612. No Action Taken.
Thu Nov 10 20:08:01 2005 => File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Thu Nov 10 20:30:09 2005 => File C:\WINDOWS\system32\psexec.exe tagged as not-a-virus:RiskTool.Win32.PsExec.153. No Action Taken.
Thu Nov 10 20:30:10 2005 => File C:\WINDOWS\system32\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.e. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:04:24 2005 => Offending file found: C:\WINDOWS\popuper.exe
Wed Nov 09 23:04:24 2005 => Offending file found: C:\WINDOWS\sites.ini
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\empty.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\instsrv.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\intmon.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\msole32.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\ole32vbs.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\shnlog.exe
Thu Nov 10 19:18:53 2005 => Offending file found: C:\WINDOWS\system32\empty.exe
Thu Nov 10 19:18:53 2005 => Offending file found: C:\WINDOWS\system32\instsrv.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 00:23:12 2005 => Total Virus(es) Found: 31
Thu Nov 10 20:36:46 2005 => Total Virus(es) Found: 14
Thu Nov 10 00:23:12 2005 => Total Errors: 385
Thu Nov 10 20:36:46 2005 => Total Errors: 344
Thu Nov 10 00:23:12 2005 => Time Elapsed: 01:19:15
Thu Nov 10 20:36:47 2005 => Time Elapsed: 01:18:06
Thu Nov 10 00:23:12 2005 => Total Objects Scanned: 43225
Thu Nov 10 20:36:46 2005 => Total Objects Scanned: 41999
Wed Nov 09 23:01:44 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 00:23:12 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 01:42:00 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 19:17:00 2005 => Virus Database Date: 2005/11/10
Thu Nov 10 20:36:47 2005 => Virus Database Date: 2005/11/10
Thu Nov 10 20:57:20 2005 => Virus Database Date: 2005/11/10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
hoffe ich bin jetzt durch ???

Kann jetzt einer mit den Log´s was anfangen oder immer noch nicht ?
Wäre echt klasse ne Antwort darauf zu bekommen !

Nein, weil Du den escan mehrmals ausgeführt hast. Es ist damit nicht ersichtlich, was momentan noch vorhanden ist. Lösche im Verzeichnis c:\bases_x die Datei mwav.log. Update escan nochmals. Danach führe den escan entsprechend der Anleitung nochmals aus. Poste dann des mit der find.bat erzeugte Log.