Suspicious BHO cannot be deleted

Thread is closed!

#0
02.09.2006, 16:45
Member
Posts: 33

04.09.2006, 13:11
Honorary member
Posts: 29434
#2
Quote:
{DA39029C-D291-A968-3FF4-D0990D5CB5FC}

Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy out these 4 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security

04.09.2006, 22:32
Member
Thread starter
Posts: 33
#3
Here are the files:
So here are the four files. I only removed my name in one place. Thank you very much for your help!!!

Regards,
Murmeltier

04.09.2006, 23:17
Honorary member
Posts: 29434
#4
virustotal
At the top of the page --> click Browse --> (paste in the file with its correct path) --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\mstinit.exe
C:\WINDOWS\system32\mstask.dll
C:\WINDOWS\system32\schedsvc.dll
C:\WINDOWS\system32\cncs32.dll

Post the reports.
__________
Regards, Sabina
All about PC security

05.09.2006, 18:30
Member
Thread starter
Posts: 33
#5
Here are the files (I ran out of time yesterday):
That's it... it apparently found nothing.

Regards,
Murmeltier

06.09.2006, 01:15
Honorary member
Posts: 29434
#6
F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml

1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control.
3. Install this ActiveX component.
4. Read the instructions and click "Accept".
5. Click "Full System Scan".
6. Click "Show report" and copy the scan report.
__________
Regards, Sabina
All about PC security

06.09.2006, 13:17
Member
Thread starter
Posts: 33
#7
Scanning Report
Wednesday, September 06, 2006 12:24:19 - 13:14:41
Computer name: P-KBNXL9TZ2C2RV
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\

Result: 4 malware found
Alexa (spyware)
* System (Disinfected)
BrilliantDigital (spyware)
* System (Disinfected)
Tracking Cookie (spyware)
* System (Disinfected)
* System

Statistics
Scanned:
* Files: 23835
* System: 8369
* Not scanned: 4
Actions:
* Disinfected: 3
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:
* C:\PAGEFILE.SYS
* C:\HIBERFIL.SYS
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1D9614D4-41D0-4D34-9689-072F412A6A0F}.BIN
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:
* F-Secure AVP: 6.0.171, 2006-09-06
* F-Secure Libra: 2.4.1, 2006-09-05
* F-Secure Orion: 1.2.37, 2006-09-05
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-07-30
* F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
_____________

So apparently there was something there after all...

Regards,
Murmeltier

06.09.2006, 13:24
Honorary member
Posts: 29434
#8
1. Scan with Sophos and Trend Micro and post both scan reports:
http://virus-protect.org/multiavtool.html

2. Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. In "Enter search strings", type or paste

{DA39029C-D291-A968-3FF4-D0990D5CB5FC}

into the edit field and click "Ok". Notepad will open; copy the text and post it.
__________
Regards, Sabina
All about PC security

06.09.2006, 19:45
Member
Thread starter
Posts: 33
#9
Hi!
Thank you very much so far! Here are the scan results:
______________________________________
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06.09.2006 19:41:46 for strings:
; '{da39029c-d291-a968-3ff4-d0990d5cb5fc}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

; End Of The Log...
_______________________________________

One note: AntiVirGuard found a virus during a scan:
----------
C:\DOKUME~1\(my name)\LOKALE~1\Temp\V06GFQa01316
The virus (or rather the virus type) is HEUR/Malware
---------
I deleted it.

Regards,
Murmeltier

This post was edited on 06.09.2006 at 19:51 by Murmeltier I.

06.09.2006, 23:27
Honorary member
Posts: 29434
#10
avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote: registry keys to delete:
Click the green traffic light; the script will now run, then the PC will restart automatically.
** Post the log from avenger that appears.
__________
Regards, Sabina
All about PC security

06.09.2006, 23:34
Member
Thread starter, Posts: 33
#11
Uh, a really stupid question, admittedly: what is avenger and where do I get it (I really don't know my way around...)?
*makes myself small and slinks into the corner*
Thanks!
Regards, Murmeltier

06.09.2006, 23:35
Honorary member
Posts: 29434
#12
Sorry, the link was missing:
http://virus-protect.org/artikel/tools/avenger.html
__________
Regards, Sabina
All about PC security

07.09.2006, 10:57
Member
Thread starter, Posts: 33
#13
Good morning!
I'm a late riser whenever I get the chance. I downloaded avenger and ran it. The first time it said something about a "fatal error". I tried again and it worked, but it did not create a log file. The third time it finally worked and the log file is here:
______________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\byjlxdxm
*******************
Script file located at: \??\C:\WINDOWS\System32\jnbbrbkm.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.
Completed script processing.
*******************
_____________________
Hm, it looks like not everything worked...
Thank you very much for your effort!
Regards, Murmeltier
Edit: I have now simply run it again with the deletion jobs that were not found and therefore failed; this time there was again no log. Is it possible that it already deleted them in the second run, when it also created no log, and that this is why they are no longer there???
Sounds amateurish.
This post was edited on 07.09.2006 at 11:04 by Murmeltier I.
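Added example, not part of the original posts: the Registry Search export earlier in this thread lists the CLSID as a key name under `Clients\Mrgkh\1` and `Browser Helper Objects`, but as a value name under `Clients\Mrgkh\2` and `URLSearchHooks`. The Python sketch below classifies each hit in the export and lines it up with the outcome lines of the Avenger log above; the function names and the trimmed sample strings are assumptions made for this illustration.

```python
import re

GUID = "{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"
# Hits from the Registry Search export in this thread (header comments trimmed).
EXPORT = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]
"""
# Outcome lines from the Avenger log in this thread (other lines trimmed).
AVENGER = r"""Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.
"""

def classify_hits(export, needle):
    """Return (kind, key_path, value_name) for each place needle occurs in a .reg export."""
    hits, current_key, needle = [], None, needle.lower()
    for raw in export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            if needle in current_key.rsplit("\\", 1)[-1].lower():
                hits.append(("key", current_key, None))   # needle is the key's own name
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if not (m and current_key):
            continue                                      # header, comment or blank line
        name = m.group(1) or ""
        if needle in name.lower():
            hits.append(("value", current_key, name))     # needle is a value name
        elif needle in m.group(2).lower():
            hits.append(("data", current_key, name))      # needle only appears in the data
    return hits

def removal_plan(hits):
    """Pick the operation that matches the object type; data-only hits need a manual look."""
    ops = {"key": "delete-key", "value": "delete-value", "data": "review-value"}
    return [(ops[k], key) if k == "key" else (ops[k], key, name) for k, key, name in hits]

def explain_avenger(log, hits):
    """Pair each Avenger outcome with what the export says exists at that path."""
    # Status 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND: no key exists at that path.
    kinds = {(key if k == "key" else key + "\\" + name).lower(): k for k, key, name in hits}
    pat = r"^Registry key (.+?) (deleted successfully\.|not found!)$"
    return [(m.group(2).rstrip(".!"), kinds.get(m.group(1).lower(), "unknown"))
            for m in re.finditer(pat, log, re.M)]

if __name__ == "__main__":
    found = classify_hits(EXPORT, GUID)
    for row in zip(removal_plan(found), explain_avenger(AVENGER, found)):
        print(row)
```

Both "not found" outcomes fall on paths where the export shows a value, so a follow-up HijackThis scan is still needed to confirm what remains.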

07.09.2006, 15:22
Honorary member
Posts: 29434
#14
Please post the new log from HijackThis; the entry should be gone now........
__________
Regards, Sabina
All about PC security

07.09.2006, 17:27
Member
Thread starter, Posts: 33
#15
That's right! Thank you so much!
_____________________
Logfile of HijackThis v1.99.1
Scan saved at 17:25, on 06-09-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\Virenjagd\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45100E6B-CBB5-4925-869B-BE6598C6B36A}: NameServer = 217.237.151.115 217.237.150.33
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_______________________
Does that mean everything is OK now? The strange user name under "Run as" is still there, though... Or does it come from the system?
Regards, Murmeltier

By now I have a (hopefully...) virus-free PC; only two problems remain:
I want to delete this BHO in HijackThis: O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file), but it can neither be fixed nor removed with IE or BHODemon.
And the second: when I click "Run as" on a program, two users show up. One is me, the other is something very strange that calls itself LTjYjVJVWN; nobody here set that one up, I am quite sure.
These two things probably mean that something is still not right...
It would be nice if someone could help me!
Regards, Murmeltier
_________________
Here is the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 16:41, on 06-09-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\Virenjagd\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{45100E6B-CBB5-4925-869B-BE6598C6B36A}: NameServer = 217.237.151.115 217.237.150.33
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe