Trojaner-Board

novedas 09.11.2005 21:42

hijack? yes or no
 
Hello everyone, I have a HiJack log file here and would like to ask the experts to take a quick look at it. The desktop background is black and shows a red virus warning message; when I click on the background properties, I am only shown the properties of an HTML file. I have already checked with AdAware and Spybot; Spybot reports a Smitfraud_C virus. I have also tried to get rid of it in safe mode, no chance... I have also removed some entries from the registry, including a lot under Zone Maps... Do you have the solution for me?

Logfile of HijackThis v1.99.1
Scan saved at 21:24:46, on 09.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\cc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q886164.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Regards, novedas :confused:

cronos 09.11.2005 21:45

Then work through the following:

http://www.trojaner-board.de/showthread.php?t=21709

BTW: Was the log created in normal mode?

Expert 09.11.2005 21:45

@novedas

Please post your complete log from normal mode.

Regards
Expert

novedas 09.11.2005 22:52

Quote:

Quote from cronos
Then work through the following:

http://www.trojaner-board.de/showthread.php?t=21709

BTW: Was the log created in normal mode?

Hi, I had created it in safe mode.

novedas 09.11.2005 23:11

I am currently working through the step-by-step guide and scanning with E-Scan; it has already found 11 suspicious items :daumenhoc

novedas 10.11.2005 21:34

So, here are the 3 complete log files in normal mode, which I produced after the scans according to the guide, as described here in my thread. E-Scan still found 8; now they just have to be removed somehow. AdAware and Spybot found nothing more (latest version).
The logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:03:07, on 10.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Dokumente und Einstellungen\cc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q886164.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

2:
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:05:172 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:05:182 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:08:707 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:08:707 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:08:707 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:08:707 :Priority : NORMAL
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:44:799 :VirusCount = 158608 Latest Date = 2005/11/07
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:03:09:521 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:03:32:484 :[00000001] File C:\WINDOWS\system32\wininet.dll infected by Virus.Win32.Nsag.a
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:03:48:286 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:17:07:175 :[00000001] File C:\Programme\B5APPZ\0004\0004.exe infected by not-a-virus:Server-FTP.Win32.BulletProof.230
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:34:44:846 :[00000001] File C:\Programme\B5APPZ\0048\setup.exe infected by not-a-virus:Client-IRC.Win32.mIRC.612
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:36:05:782 :[00000001] File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by HackTool.Win32.CrackSearch.a
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:47:58:687 :[00000001] File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc231.so infected by Trojan.Win32.Small.ev
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:47:58:978 :[00000001] File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc232.so infected by Trojan-Downloader.Win32.Small.bqx
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:55:23:317 :[00000001] File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe infected by not-a-virus:RemoteAdmin.Win32.WinVNC-based.h
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:07:34:578 :[00000001] File C:\WINDOWS\popuper.exe infected by Trojan.Win32.Puper.bi
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:15:34:839 :[00000001] File C:\WINDOWS\system32\hhk.dll infected by Trojan.Win32.Puper.bh
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:15:43:551 :[00000001] File C:\WINDOWS\system32\intell32.exe infected by Trojan-Downloader.Win32.Small.vu
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:15:43:882 :[00000001] File C:\WINDOWS\system32\intmon.exe infected by Trojan.Win32.Puper.bh
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:16:21:286 :[00000001] File C:\WINDOWS\system32\msole32.exe infected by not-virus:Hoax.Win32.Renos.q
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:16:43:558 :[00000001] File C:\WINDOWS\system32\ole32vbs.exe infected by Trojan.Win32.Favadd.aj
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:16:44:289 :[00000001] File C:\WINDOWS\system32\oleext.dll infected by Trojan.Win32.Promoter.c
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:16:44:449 :[00000001] File C:\WINDOWS\system32\oleext32.dll infected by Virus.Win32.Nsag.b
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:17:03:566 :[00000001] File C:\WINDOWS\system32\prflbmsgp32.dll infected by Trojan-Downloader.Win32.Delf.yb
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:17:05:369 :[00000001] File C:\WINDOWS\system32\psexec.exe infected by not-a-virus:RiskTool.Win32.PsExec.153
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:17:05:950 :[00000001] File C:\WINDOWS\system32\pskill.exe infected by not-a-virus:RiskTool.Win32.PsKill.e
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:17:26:740 :[00000001] File C:\WINDOWS\system32\shnlog.exe infected by Trojan.Win32.Puper.bh
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:18:23:171 :[00000001] File C:\WINDOWS\system32\wininet.dll infected by Virus.Win32.Nsag.a
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:20:07:501 :[00000001] File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by Trojan-Downloader.Win32.Delf.yb
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:23:12:417 :VirusCount = 158608 Latest Date = 2005/11/07
[msvLclnt.dll] [0x00000560] 10/11/2005 01:42:00:516 :VirusCount = 158608 Latest Date = 2005/11/07
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:53:186 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:53:197 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:58:765 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:58:775 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:58:775 :TimeOut : ffffffff
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:58:775 :Priority : NORMAL
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:17:00:006 :VirusCount = 159192 Latest Date = 2005/11/10
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:17:57:449 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:18:23:426 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:29:59:427 :[00000001] File C:\Programme\B5APPZ\0004\0004.exe infected by not-a-virus:Server-FTP.Win32.BulletProof.230
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:47:51:919 :[00000001] File C:\Programme\B5APPZ\0048\setup.exe infected by not-a-virus:Client-IRC.Win32.mIRC.612
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:49:13:557 :[00000001] File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by HackTool.Win32.CrackSearch.a
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:08:01:679 :[00000001] File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe infected by not-a-virus:RemoteAdmin.Win32.WinVNC-based.h
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:29:47:757 :[00000001] File C:\WINDOWS\system32\oleext32.dll infected by Virus.Win32.Nsag.b
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:30:07:655 :[00000001] File C:\WINDOWS\system32\prflbmsgp32.dll infected by Trojan-Downloader.Win32.Delf.yb
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:30:09:578 :[00000001] File C:\WINDOWS\system32\psexec.exe infected by not-a-virus:RiskTool.Win32.PsExec.153
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:30:10:099 :[00000001] File C:\WINDOWS\system32\pskill.exe infected by not-a-virus:RiskTool.Win32.PsKill.e
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:31:28:782 :[00000001] File C:\WINDOWS\system32\wininet.old infected by Virus.Win32.Nsag.a
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:33:15:155 :[00000001] File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by Trojan-Downloader.Win32.Delf.yb
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:36:47:070 :VirusCount = 159192 Latest Date = 2005/11/10
[msvLclnt.dll] [0x000007c8] 10/11/2005 20:57:20:173 :VirusCount = 159192 Latest Date = 2005/11/10

3:

smitRem © log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key present!



Running LTDFix/PSGuard.com fix!



PSGuard.com key was successfully removed! :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

shopping


~~~ system32 folder ~~~

intell32.exe
oleext.dll
wp.bmp
ole32vbs.exe
msole32.exe
shnlog.exe
intmon.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~

sites.ini
popuper.exe


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :( Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

~~~ Replaced wininet.dll from dllcache ~~~



~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll not present!


~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~

So, that was everything (it certainly took long enough). I hope YOU can help me dispose of the remaining junk :daumenhoc

felix1 10.11.2005 21:37

And where is the escan result generated with find.bat?

novedas 10.11.2005 21:48

Quote:

Quote from felix1
And where is the escan result generated with find.bat?

But I did post it, at position no. 2:
I did take the HiJack log file into account and edited it with ***

Regards, novedas

novedas 10.11.2005 21:52

XXX I overlooked the MWAV.LOG, there is another one after all. Can I even post that here? It is 5.71 MB? :schmoll:

felix1 10.11.2005 21:57

Read the instructions for find.bat:

http://www.trojaner-board.de/showthread.php?t=17492

[5]

novedas 10.11.2005 22:12

O.K.
It worked, at 9 KB it already looks better.

Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:03:31 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:03:32 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:03:48 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:04:24 2005 => System found infected with popuper Spyware/Adware (popuper.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:24 2005 => System found infected with smitfraud Spyware/Adware (sites.ini)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with conducent flexpak Spyware/Adware (empty.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (intmon.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (msole32.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (ole32vbs.exe)! Action taken: No Action Taken.
Wed Nov 09 23:04:25 2005 => System found infected with smitfraud Spyware/Adware (shnlog.exe)! Action taken: No Action Taken.
Wed Nov 09 23:36:05 2005 => File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by "HackTool.Win32.CrackSearch.a" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:47:58 2005 => File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc231.so infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
Wed Nov 09 23:47:58 2005 => File C:\RECYCLER\S-1-5-21-1060284298-789336058-839522115-1003\Dc232.so infected by "Trojan-Downloader.Win32.Small.bqx" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:07:34 2005 => File C:\WINDOWS\popuper.exe infected by "Trojan.Win32.Puper.bi" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:34 2005 => File C:\WINDOWS\system32\hhk.dll infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:43 2005 => File C:\WINDOWS\system32\intell32.exe infected by "Trojan-Downloader.Win32.Small.vu" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:15:43 2005 => File C:\WINDOWS\system32\intmon.exe infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:21 2005 => File C:\WINDOWS\system32\msole32.exe infected by "not-virus:Hoax.Win32.Renos.q" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:43 2005 => File C:\WINDOWS\system32\ole32vbs.exe infected by "Trojan.Win32.Favadd.aj" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:44 2005 => File C:\WINDOWS\system32\oleext.dll infected by "Trojan.Win32.Promoter.c" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:16:44 2005 => File C:\WINDOWS\system32\oleext32.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:17:03 2005 => File C:\WINDOWS\system32\prflbmsgp32.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:17:26 2005 => File C:\WINDOWS\system32\shnlog.exe infected by "Trojan.Win32.Puper.bh" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:18:23 2005 => File C:\WINDOWS\system32\wininet.dll infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:20:07 2005 => File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 00:23:12 2005 => Total Disinfected Files: 0
Thu Nov 10 19:18:05 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Thu Nov 10 19:18:23 2005 => File C:\WINDOWS\q886164.dll infected by "Trojan-Downloader.Win32.Delf.h" Virus! Action Taken: No Action Taken.
Thu Nov 10 19:18:53 2005 => System found infected with conducent flexpak Spyware/Adware (empty.exe)! Action taken: No Action Taken.
Thu Nov 10 19:18:53 2005 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: No Action Taken.
Thu Nov 10 19:49:13 2005 => File C:\Programme\B5APPZ\0061\CrackSearcher.exe infected by "HackTool.Win32.CrackSearch.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:29:47 2005 => File C:\WINDOWS\system32\oleext32.dll infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:30:07 2005 => File C:\WINDOWS\system32\prflbmsgp32.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:31:28 2005 => File C:\WINDOWS\system32\wininet.old infected by "Virus.Win32.Nsag.a" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:33:15 2005 => File D:\Tools\Virus\hijackthis NEU\backups\backup-20051108-203754-449.dll infected by "Trojan-Downloader.Win32.Delf.yb" Virus! Action Taken: No Action Taken.
Thu Nov 10 20:36:46 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:17:07 2005 => File C:\Programme\B5APPZ\0004\0004.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
Wed Nov 09 23:34:44 2005 => File C:\Programme\B5APPZ\0048\setup.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.612. No Action Taken.
Wed Nov 09 23:55:23 2005 => File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Thu Nov 10 00:17:05 2005 => File C:\WINDOWS\system32\psexec.exe tagged as not-a-virus:RiskTool.Win32.PsExec.153. No Action Taken.
Thu Nov 10 00:17:05 2005 => File C:\WINDOWS\system32\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.e. No Action Taken.
Thu Nov 10 19:29:59 2005 => File C:\Programme\B5APPZ\0004\0004.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
Thu Nov 10 19:47:51 2005 => File C:\Programme\B5APPZ\0048\setup.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.612. No Action Taken.
Thu Nov 10 20:08:01 2005 => File C:\System Volume Information\_restore{4CB4962E-A602-4FC3-9E2D-BA722A073AFA}\RP1\A0001244.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC-based.h. No Action Taken.
Thu Nov 10 20:30:09 2005 => File C:\WINDOWS\system32\psexec.exe tagged as not-a-virus:RiskTool.Win32.PsExec.153. No Action Taken.
Thu Nov 10 20:30:10 2005 => File C:\WINDOWS\system32\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.e. No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Nov 09 23:04:24 2005 => Offending file found: C:\WINDOWS\popuper.exe
Wed Nov 09 23:04:24 2005 => Offending file found: C:\WINDOWS\sites.ini
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\empty.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\instsrv.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\intmon.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\msole32.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\ole32vbs.exe
Wed Nov 09 23:04:25 2005 => Offending file found: C:\WINDOWS\system32\shnlog.exe
Thu Nov 10 19:18:53 2005 => Offending file found: C:\WINDOWS\system32\empty.exe
Thu Nov 10 19:18:53 2005 => Offending file found: C:\WINDOWS\system32\instsrv.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thu Nov 10 00:23:12 2005 => Total Virus(es) Found: 31
Thu Nov 10 20:36:46 2005 => Total Virus(es) Found: 14
Thu Nov 10 00:23:12 2005 => Total Errors: 385
Thu Nov 10 20:36:46 2005 => Total Errors: 344
Thu Nov 10 00:23:12 2005 => Time Elapsed: 01:19:15
Thu Nov 10 20:36:47 2005 => Time Elapsed: 01:18:06
Thu Nov 10 00:23:12 2005 => Total Objects Scanned: 43225
Thu Nov 10 20:36:46 2005 => Total Objects Scanned: 41999
Wed Nov 09 23:01:44 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 00:23:12 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 01:42:00 2005 => Virus Database Date: 2005/11/07
Thu Nov 10 19:17:00 2005 => Virus Database Date: 2005/11/10
Thu Nov 10 20:36:47 2005 => Virus Database Date: 2005/11/10
Thu Nov 10 20:57:20 2005 => Virus Database Date: 2005/11/10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~
I hope I am done now??? :heulen:

novedas 10.11.2005 23:51

Can anyone do something with the logs now, or still not?
It would be really great to get an answer to that!

felix1 11.11.2005 16:19

No, because you ran escan several times. It is therefore not apparent what is currently still present. Delete the file mwav.log in the directory c:\bases_x. Update escan again. Then run escan again according to the guide. Then post the log generated with find.bat.
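
The problem named in the last reply, a log that accumulates several scans and so no longer shows what is currently present, can be made visible by splitting the log into scan runs. The following is an added example, not part of the thread or of eScan: it assumes the line format of the second log posted above and assumes that each `ModuleName =` line starts a new run; the sample lines are excerpted from that log.

```python
import re
from datetime import datetime

# Sample input: a few lines excerpted from the eScan log posted in the thread.
SAMPLE_LOG = r"""
[msvLclnt.dll] [0x00000560] 09/11/2005 23:01:05:172 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:03:09:521 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000005c8] 09/11/2005 23:03:48:286 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:07:34:578 :[00000001] File C:\WINDOWS\popuper.exe infected by Trojan.Win32.Puper.bi
[msvLclnt.dll] [0x000005c8] 10/11/2005 00:18:23:171 :[00000001] File C:\WINDOWS\system32\wininet.dll infected by Virus.Win32.Nsag.a
[msvLclnt.dll] [0x000007c8] 10/11/2005 19:16:53:186 :ModuleName = C:\Bases_X\mwavscan.com
[msvLclnt.dll] [0x000000e4] 10/11/2005 19:17:57:449 :[00000001] File C:\WINDOWS\q886164.dll infected by Trojan-Downloader.Win32.Delf.h
[msvLclnt.dll] [0x000000e4] 10/11/2005 20:31:28:782 :[00000001] File C:\WINDOWS\system32\wininet.old infected by Virus.Win32.Nsag.a
"""

# [module] [thread id] dd/mm/yyyy hh:mm:ss:ms :message
LINE_RE = re.compile(
    r"^\[[^\]]+\]\s+\[0x[0-9a-fA-F]+\]\s+"
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\d+\s+:(?P<msg>.*)$"
)
# Paths may contain spaces, detection names do not.
HIT_RE = re.compile(r"File (?P<path>.+?) infected by (?P<name>\S+)\s*$")


def split_runs(text):
    """Split an accumulated log into scan runs.

    Assumption: a 'ModuleName =' line opens a new run. Lines that appear
    before the first such marker (truncated log) form a run of their own.
    """
    runs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line in another format
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
        msg = m["msg"]
        if msg.startswith("ModuleName =") or not runs:
            runs.append({"start": ts, "hits": {}})
        hit = HIT_RE.search(msg)
        if hit:
            # Windows paths are case-insensitive; repeated hits collapse.
            runs[-1]["hits"][hit["path"].lower()] = hit["name"]
    return runs


def current_state(runs):
    """Return (findings of the newest run, findings seen only in older runs)."""
    if not runs:
        return {}, {}
    latest = runs[-1]["hits"]
    stale = {}
    for run in runs[:-1]:
        for path, name in run["hits"].items():
            if path not in latest:
                stale[path] = name
    return latest, stale


if __name__ == "__main__":
    runs = split_runs(SAMPLE_LOG)
    latest, stale = current_state(runs)
    print(f"{len(runs)} scan runs in one log")
    print("Still reported by the newest run:")
    for path, name in sorted(latest.items()):
        print(f"  {path}  ({name})")
    print("Only in older runs (not evidence of the current state):")
    for path, name in sorted(stale.items()):
        print(f"  {path}  ({name})")
```

Deleting the log before a fresh scan, as the reply asks, achieves the same thing without any parsing: the file then contains exactly one run.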

