Suspicious BHO cannot be deleted

Topic is closed!
02.09.2006, 16:45
Member

Posts: 33
#1 Hi everyone!
I now have a (hopefully...) virus-free PC, but two problems remain:
I would like to delete this BHO in HijackThis: O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file), but it can neither be fixed nor removed with IE or BHODemon.
And the second one: when I click "Run as" on a program, two users show up. One is me, the other is something very strange called LTjYjVJVWN, which certainly nobody here set up.
These two things probably mean that something is still wrong...
It would be nice if someone could help me!

Regards, Murmeltier
_________________
Here is the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16:41, on 06-09-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\Virenjagd\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{45100E6B-CBB5-4925-869B-BE6598C6B36A}: NameServer = 217.237.151.115 217.237.150.33
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
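As an added example (not code from the thread or from HijackThis), a parser for the O2 lines of the log above: it flags a BHO whose path is "(no file)", i.e. a registration that has outlived its DLL, and names the two registry keys where such a registration lives, which is where removal and later searches have to look. Function names and the O4 line in the sample are mine; the O2 lines are copied from the log.

```python
import re

# Sample input: the three O2 lines from the HijackThis log above, plus one O4 line
# (constructed from the same log) to show that other sections are ignored.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# HijackThis O2 format: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.*)$")

NO_FILE = "(no file)"


def parse_o2_lines(log_text):
    """Return one dict per O2 (Browser Helper Object) line; all other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "clsid": m.group("clsid").upper(),
                "path": m.group("path"),
                # HijackThis prints "(no file)" when the registered DLL is not on disk.
                "orphaned": m.group("path") == NO_FILE,
            })
    return entries


def orphaned_bhos(log_text):
    """CLSIDs of BHOs that are still registered although their DLL is gone."""
    return [e["clsid"] for e in parse_o2_lines(log_text) if e["orphaned"]]


def registry_keys_for_bho(clsid):
    """The two places a BHO registration lives: the Explorer BHO list, which makes
    Internet Explorer load the object, and the COM class key that maps the CLSID to a DLL.
    Both must be gone before the O2 line disappears from a new log."""
    return [
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s" % clsid,
        r"HKCR\CLSID\%s" % clsid,
    ]


def triage_report(log_text):
    """One line per BHO: present DLLs are listed, orphaned ones get their registry keys."""
    report = []
    for e in parse_o2_lines(log_text):
        if e["orphaned"]:
            report.append("%s %s: ORPHANED, check %s" % (
                e["clsid"], e["name"], " and ".join(registry_keys_for_bho(e["clsid"]))))
        else:
            report.append("%s %s: %s" % (e["clsid"], e["name"], e["path"]))
    return report


if __name__ == "__main__":
    for line in triage_report(SAMPLE_LOG):
        print(line)
```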
04.09.2006, 13:11
Honorary member

Posts: 29434
#2

Quote

{DA39029C-D291-A968-3FF4-D0990D5CB5FC}
Downloader trojan, attempts to connect to various Ukrainian websites - a variant of this trojan
Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
04.09.2006, 22:32
Member

Thread starter

Posts: 33
#3 Here are the files:
________________________

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\WINDOWS\system32

04.09.2006 22:22 13.700 wpa.dbl
20.08.2006 23:31 7.006 jupdate-1.5.0_06-b05.log
20.08.2006 20:35 10.752 mstinit.exe
20.08.2006 20:35 265.216 mstask.dll
20.08.2006 20:35 173.568 schedsvc.dll
20.08.2006 12:42 153.976 FNTCACHE.DAT
18.08.2006 23:35 40.128 perfc009.dat
18.08.2006 23:35 48.354 perfc007.dat
18.08.2006 23:35 316.924 perfh007.dat
18.08.2006 23:35 311.740 perfh009.dat
18.08.2006 23:35 723.744 PerfStringBackup.INI
09.08.2006 12:03 8.325.544 MRT.exe
04.08.2006 20:06 463.360 URLMON.DLL
21.07.2006 10:29 72.704 hlink.dll
18.07.2006 19:31 9.557 vgl.log
18.07.2006 18:00 172.032 cncs32.dll
18.07.2006 17:10 917.504 FLASH.OCX
14.07.2006 17:57 307.200 netapi32.dll
14.07.2006 17:36 519.168 hhctrl.ocx
13.07.2006 15:50 8.394.240 shell32.dll
13.07.2006 10:51 612.864 xpsp2res.dll
05.07.2006 12:53 1.002.496 kernel32.dll
30.06.2006 10:51 2.703.872 MSHTML.DLL
26.06.2006 19:47 6.144 rasadhlp.dll
26.06.2006 19:47 140.288 dnsapi.dll
23.06.2006 13:27 582.144 WININET.DLL
22.06.2006 12:59 169.984 rasmans.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
13.06.2006 18:08 552 d3d8caps.dat
09.06.2006 14:35 351.744 DXTMSFT.DLL
09.06.2006 14:35 192.512 DXTRANS.DLL
02.06.2006 11:04 57.384 avsda.dll
_________________________________
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\DOKUME~1\(mein Name)\LOKALE~1\Temp
_______________________________________
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\WINDOWS

04.09.2006 22:23 1.780 win.ini
04.09.2006 22:22 0 0.log
04.09.2006 22:22 159 wiadebug.log
04.09.2006 22:22 2.048 bootstat.dat
03.09.2006 23:29 1.267.340 WindowsUpdate.log
03.09.2006 23:29 32.626 SchedLgU.Txt
03.09.2006 23:29 50 wiaservc.log
03.09.2006 13:35 54.156 QTFont.qfn
03.09.2006 13:35 1.409 QTFont.for
03.09.2006 12:39 212.537 setupact.log
02.09.2006 23:53 285.290 setupapi.log
02.09.2006 20:54 1.174 OEWABLog.txt
02.09.2006 20:54 160.993 wmsetup.log
02.09.2006 15:56 3.295 tm.ini
02.09.2006 14:14 223.241 Directx.log
01.09.2006 21:30 8.446 svcpack.log
29.08.2006 17:24 62.699 KB918899-IE6SP1-20060725.123917.log
29.08.2006 17:24 40.253 updspapi.log
20.08.2006 22:52 2.904 mozver.dat
20.08.2006 20:58 86.767 iis6.log
20.08.2006 20:58 556.265 FaxSetup.log
20.08.2006 20:58 289.884 ocgen.log
20.08.2006 20:58 198.064 comsetup.log
20.08.2006 20:58 118.362 ntdtcsetup.log
20.08.2006 20:58 1.374 imsins.log
20.08.2006 20:58 217.750 tsoc.log
20.08.2006 20:58 19.848 ocmsn.log
20.08.2006 20:58 15.246 KB840987.log
20.08.2006 20:58 27.844 msgsocm.log
20.08.2006 20:57 16.985 xpsp1hfm.log
20.08.2006 20:57 6.026 KB840374.log
20.08.2006 20:57 1.374 imsins.BAK
20.08.2006 20:57 9.881 KB841356.log
20.08.2006 20:56 5.145 KB839645.log
20.08.2006 20:56 9.946 KB871250.log
20.08.2006 20:55 4.725 KB833987.log
20.08.2006 20:55 10.499 KB841873.log
20.08.2006 20:55 9.028 KB873376.log
20.08.2006 20:55 9.649 KB841533.log
20.08.2006 19:14 287.646 ntbtlog.txt
20.08.2006 12:42 2.151 spupdsvc.log
20.08.2006 12:38 74.290 KB922616.log
20.08.2006 12:38 77.224 KB921398.log
20.08.2006 12:37 72.014 KB920683.log
20.08.2006 12:36 72.066 KB920670.log
20.08.2006 12:36 71.545 KB917422.log
20.08.2006 12:35 65.870 KB921883.log
20.08.2006 12:34 68.021 KB917159.log
20.08.2006 12:33 68.429 KB914388.log
20.08.2006 12:33 43.742 WgaNotify.log
20.08.2006 12:32 56.183 KB911280.log
20.08.2006 12:32 33.987 KB833407.log
20.08.2006 12:31 46.806 KB917953.log
20.08.2006 12:31 48.630 KB913580.log
20.08.2006 12:30 33.397 KB914798.log
20.08.2006 12:29 47.204 KB917344.log
20.08.2006 12:28 30.258 KB918439-IE6SP1-20060530.145346.log
20.08.2006 12:28 49.205 KB914389.log
20.08.2006 12:26 33.177 KB917734.log
20.08.2006 12:25 50.601 KB908531.log
20.08.2006 12:24 48.313 KB911562.log
20.08.2006 12:24 32.239 KB911567-OE6SP1-20060316.165634.log
20.08.2006 12:23 32.863 KB911564.log
20.08.2006 12:22 48.696 KB911927.log
20.08.2006 12:22 44.779 KB912919.log
20.08.2006 12:21 44.040 KB908519.log
20.08.2006 12:21 33.855 KB910437.log
20.08.2006 12:20 40.558 KB835409.log
20.08.2006 12:20 46.731 KB896424.log
20.08.2006 12:19 45.147 KB900725.log
20.08.2006 12:19 37.015 KB905495.log
20.08.2006 12:18 39.363 KB905749.log
20.08.2006 12:18 25.097 KB904706.log
20.08.2006 12:17 39.232 KB905414.log
20.08.2006 12:17 40.047 KB901017.log
20.08.2006 12:17 42.066 KB902400.log
20.08.2006 12:15 30.281 KB896423.log
20.08.2006 12:14 33.009 KB899587.log
20.08.2006 12:13 31.999 KB899591.log
20.08.2006 12:13 32.165 KB893756.log
20.08.2006 12:12 31.470 KB896358.log
20.08.2006 12:11 30.385 KB890859.log
20.08.2006 12:09 27.074 KB901214.log
20.08.2006 12:09 25.287 KB896428.log
20.08.2006 12:08 27.533 KB890046.log
20.08.2006 12:07 29.511 KB885835.log
20.08.2006 12:05 22.316 KB891781.log
20.08.2006 12:04 21.560 KB888302.log
20.08.2006 12:04 23.458 KB885836.log
20.08.2006 12:03 22.565 KB873339.log
20.08.2006 09:46 27.629 KB823980.log
20.08.2006 09:45 629 avmcoins.log
20.08.2006 09:43 2.484 F-Lovsan.log
19.08.2006 23:14 6.739 WGA.log
19.08.2006 14:56 6.395 KB842773.log
19.08.2006 14:55 8.694 KB893803v2.log
19.08.2006 14:54 7.245 KB898461.log
19.08.2006 14:46 3.207 tpl.cfg
19.08.2006 14:46 1.287 ISISAIM.INI
19.08.2006 11:19 0 nsreg.dat
18.08.2006 23:39 64 wininit.ini
18.08.2006 23:39 840 SIERRA.INI
18.08.2006 22:40 247 system.ini
13.08.2006 13:33 26 ms_shell.ini
21.07.2006 13:19 500 GEARInstall.log
20.07.2006 22:54 4.096 d3dx.dat
18.07.2006 18:00 18 gfact.ini
17.07.2006 14:37 89 vpetting.ini
09.07.2006 17:42 300 CDCOPS.XCP
26.06.2006 20:36 479 qtw.ini
20.05.2006 18:32 316.640 WMSysPr9.prx
18.05.2006 16:54 580 CrypTool.INI
_______________________________
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\

04.09.2006 22:28 14.300 system.txt
04.09.2006 22:28 0 sys.txt
04.09.2006 22:28 136 systemtemp.txt
04.09.2006 22:28 96.728 system32.txt
04.09.2006 22:22 435.736.576 hiberfil.sys
04.09.2006 22:22 603.979.776 pagefile.sys
02.09.2006 16:29 137 ComboFix.txt
06.05.2004 21:50 0 MSDOS.SYS
06.05.2004 21:50 0 CONFIG.SYS
06.05.2004 21:50 0 AUTOEXEC.BAT
06.05.2004 21:50 0 IO.SYS
06.05.2004 21:43 194 boot.ini
02.04.2003 12:00 4.952 bootfont.bin
02.04.2003 12:00 47.580 NTDETECT.COM
02.04.2003 12:00 235.296 ntldr
15 Datei(en) 1.040.115.675 Bytes
0 Verzeichnis(se), 7.104.954.368 Bytes frei
________________________
So here are the four files. I only deleted my name once.

Many thanks for your help!!!

Regards, Murmeltier
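As an added example (not part of the thread or of the datfind.bat tool), a parser for the German `dir` listings posted above: it turns each entry into a record, lists files changed since a cutoff date (the three-month window asked for in post #2) and groups files that share one modification minute, such as the three files dated 20.08.2006 20:35 that were then sent to VirusTotal. Function names and the shortened sample listing are mine.

```python
import re
from datetime import datetime

# Constructed excerpt of the datfind.bat output above (German "dir" format:
# dd.mm.yyyy HH:MM <size with dot thousands separators> <name>), shortened for the example.
SAMPLE_LISTING = r"""
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\WINDOWS\system32

04.09.2006 22:22 13.700 wpa.dbl
20.08.2006 23:31 7.006 jupdate-1.5.0_06-b05.log
20.08.2006 20:35 10.752 mstinit.exe
20.08.2006 20:35 265.216 mstask.dll
20.08.2006 20:35 173.568 schedsvc.dll
20.08.2006 12:42 153.976 FNTCACHE.DAT
18.08.2006 23:35 40.128 perfc009.dat
18.08.2006 23:35 48.354 perfc007.dat
09.08.2006 12:03 8.325.544 MRT.exe
18.07.2006 18:00 172.032 cncs32.dll
_________________________________
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4049-1A01

Verzeichnis von C:\WINDOWS

04.09.2006 22:23 1.780 win.ini
20.08.2006 09:43 2.484 F-Lovsan.log
2 Datei(en) 4.264 Bytes
0 Verzeichnis(se), 7.104.954.368 Bytes frei
"""

DIR_HEADER_RE = re.compile(r"^Verzeichnis von (?P<dir>.+)$")
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d[\d.]*) (?P<name>.+)$"
)
STAMP_FMT = "%d.%m.%Y %H:%M"


def parse_datfind(text):
    """Return one dict per file entry: directory, modification time, size in bytes, name.
    Volume headers, separator lines and the Datei(en)/Verzeichnis(se) summaries are skipped
    because they do not start with a dd.mm.yyyy date."""
    entries, current_dir = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIR_HEADER_RE.match(line)
        if m:
            current_dir = m.group("dir")
            continue
        m = ENTRY_RE.match(line)
        if m and current_dir is not None:
            stamp = m.group("date") + " " + m.group("time")
            entries.append({
                "dir": current_dir,
                "modified": datetime.strptime(stamp, STAMP_FMT),
                "stamp": stamp,
                # German thousands separator: 8.325.544 -> 8325544
                "size": int(m.group("size").replace(".", "")),
                "name": m.group("name"),
            })
    return entries


def files_modified_since(entries, since_date):
    """Names of files modified on or after since_date (dd.mm.yyyy), in listing order."""
    cutoff = datetime.strptime(since_date, "%d.%m.%Y")
    return [e["name"] for e in entries if e["modified"] >= cutoff]


def timestamp_clusters(entries, min_files=2):
    """Group files in the same directory that share an identical modification minute;
    files dropped together by one installer (or one piece of malware) tend to cluster."""
    groups = {}
    for e in entries:
        groups.setdefault((e["dir"], e["stamp"]), []).append(e["name"])
    return {key: names for key, names in groups.items() if len(names) >= min_files}


if __name__ == "__main__":
    found = parse_datfind(SAMPLE_LISTING)
    print("recent:", files_modified_since(found, "20.08.2006"))
    for (directory, stamp), names in timestamp_clusters(found).items():
        print(directory, stamp, names)
```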
04.09.2006, 23:17
Honorary member

Posts: 29434
#4 virustotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\mstinit.exe
C:\WINDOWS\system32\mstask.dll
C:\WINDOWS\system32\schedsvc.dll
C:\WINDOWS\system32\cncs32.dll

Post the reports.
__________
Regards, Sabina

all about PC security
05.09.2006, 18:30
Member

Thread starter

Posts: 33
#5 Here are the files (had no time left yesterday):
_______________________
Complete scanning result of "mstinit.exe", received in VirusTotal at 09.05.2006, 16:55:37 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 no virus found
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 no virus found
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4844 09.04.2006 no virus found
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1739 09.04.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.04.2006 no virus found
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 no virus found
VirusBuster 4.3.7:9 09.05.2006 no virus found

Aditional Information
File size: 10752 bytes
MD5: d0f56ca603ca3fcb7ec9f99f000b1efb
SHA1: b47c2bea3c9f110dac91350bbc8d0fde00f99bfb
_____________________________________
Complete scanning result of "mstask.dll", received in VirusTotal at 09.05.2006, 17:11:10 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 no virus found
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 no virus found
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4844 09.04.2006 no virus found
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1739 09.04.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.04.2006 no virus found
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 no virus found
VirusBuster 4.3.7:9 09.05.2006 no virus found

Aditional Information
File size: 265216 bytes
MD5: eaee060c6d66fa7309f7d68271c6ae8a
SHA1: adf8ed1b306040545abd33677d1579b1e2df4aac
_____________________________
Complete scanning result of "schedsvc.dll", received in VirusTotal at 09.05.2006, 17:37:45 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 no virus found
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 no virus found
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4844 09.04.2006 no virus found
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1739 09.04.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.05.2006 no virus found
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 no virus found
VirusBuster 4.3.7:9 09.05.2006 no virus found

Aditional Information
File size: 173568 bytes
MD5: a8ea74a4680e7e738dc64c5104f99bac
SHA1: 65f1475c841cade6764f94cbe947fba5e63fd0b7
____________________________________
Complete scanning result of "cncs32.dll", received in VirusTotal at 09.05.2006, 18:16:01 (CET).

Antivirus Version Update Result
AntiVir 7.1.1.11 09.05.2006 no virus found
Authentium 4.93.8 09.03.2006 no virus found
Avast 4.7.844.0 09.04.2006 no virus found
AVG 386 09.04.2006 no virus found
BitDefender 7.2 09.05.2006 no virus found
CAT-QuickHeal 8.00 09.05.2006 no virus found
ClamAV devel-20060426 09.05.2006 no virus found
DrWeb 4.33 09.05.2006 no virus found
eTrust-InoculateIT 23.72.115 09.04.2006 no virus found
eTrust-Vet 30.3.3063 09.05.2006 no virus found
Ewido 4.0 09.05.2006 no virus found
Fortinet 2.77.0.0 09.04.2006 no virus found
F-Prot 3.16f 09.04.2006 no virus found
F-Prot4 4.2.1.29 09.04.2006 no virus found
Ikarus 0.2.65.0 09.05.2006 no virus found
Kaspersky 4.0.2.24 09.05.2006 no virus found
McAfee 4845 09.05.2006 no virus found
Microsoft 1.1560 09.05.2006 no virus found
NOD32v2 1.1740 09.05.2006 no virus found
Norman 5.90.23 09.05.2006 no virus found
Panda 9.0.0.4 09.05.2006 no virus found
Sophos 4.09.0 09.05.2006 no virus found
Symantec 8.0 09.05.2006 no virus found
TheHacker 5.9.8.204 09.04.2006 no virus found
UNA 1.83 09.05.2006 no virus found
VBA32 3.11.1 09.04.2006 no virus found
VirusBuster 4.3.7:9 09.05.2006 no virus found

Aditional Information
File size: 172032 bytes
MD5: 40c67b4b7ed094f6dab4948aac367959
SHA1: ff61f1b608f2ec7dc981f4ab255b21ba02f69e5e
__________________
That's it... it apparently didn't find anything ;)

Regards, Murmeltier
06.09.2006, 01:15
Honorary member

Posts: 29434
#6 F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml

1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control.
3. Install this ActiveX component.
4. Read the instructions and click: "Accept".
5. Click "Full System Scan".
6. Click "Show report" - copy the scan report.
__________
Regards, Sabina

all about PC security
06.09.2006, 13:17
Member

Thread starter

Posts: 33
#7 Scanning Report
Wednesday, September 06, 2006 12:24:19 - 13:14:41

Computer name: P-KBNXL9TZ2C2RV
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 4 malware found
Alexa (spyware)

* System (Disinfected)

BrilliantDigital (spyware)

* System (Disinfected)

Tracking Cookie (spyware)

* System (Disinfected)
* System

Statistics
Scanned:

* Files: 23835
* System: 8369
* Not scanned: 4

Actions:

* Disinfected: 3
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\HIBERFIL.SYS
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{1D9614D4-41D0-4D34-9689-072F412A6A0F}.BIN
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-09-06
* F-Secure Libra: 2.4.1, 2006-09-05
* F-Secure Orion: 1.2.37, 2006-09-05
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-07-30
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
_____________
So, apparently there was something after all...

Regards, Murmeltier
06.09.2006, 13:24
Honorary member

Posts: 29434
#8 1.
Scan with Sophos and Trend Micro and post both scan reports
http://virus-protect.org/multiavtool.html

2.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it. In "Enter search strings" (type or paste in)

{DA39029C-D291-A968-3FF4-D0990D5CB5FC}

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.
__________
Regards, Sabina

all about PC security
06.09.2006, 19:45
Member

Thread starter

Posts: 33
#9 Hi!
Many thanks so far!
Here are the scan results:
_____________________________________
Sophos Anti-Virus
Version 4.09.0 [Win32/Intel]
Virus data version 4.09, September 2006
Includes detection for 187561 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 17:36:07, System date 06 September 2006
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

IDE directory is: c:\AV-CLS\Sophos


Full Scanning

Could not open c:\WINDOWS\system32\config\system.LOG
Could not open c:\WINDOWS\Temp\Perflib_Perfdata_704.dat
Password protected file c:\WINDOWS\Cache\Adobe Reader 6\Data1.cab\RdrMsgENU.pdf
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\Leonhard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
Could not open c:\Dokumente und Einstellungen\Leonhard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG
Aborted checking c:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\ChessBase\Books\Fritz9.ctg - appears to be a 'zip bomb'
Could not check c:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\Chemie\Chemieolympiade\39. Olympiade (2007)\1. Runde\Sonstiges\icq5_1_german_setup.exe\SfxArchiveData\Sarc0000 (corrupt)
Could not check c:\Programme\InstallShield Installation Information\{1C27C64B-D5CF-4881-A310-0BD2A0D21927}\data1.hdr (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Contemporary Memo.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Fax.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Elegant Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Envelope Wizard.wiz (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Professional Letter.dot (corrupt)
Could not check c:\Programme\Microsoft Office\Templates\1031\Resume Wizard.wiz (corrupt)
Could not check c:\Programme\ElsterFormular2005\tmDB.dat (corrupt)
Could not check c:\Programme\ElsterFormular2005\tmdb.mdb (corrupt)
Could not open c:\hiberfil.sys
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\CONTMEMO.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGFAX.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ELEGLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\ENVELOPE.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\PROFLTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W3561404.CAB\RESUME.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\CONVERT.WIZ_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\MERGELTR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMADR.DOT_1031 (corrupt)
Could not check c:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\W4561404.CAB\PROFMFAX.DOT_1031 (corrupt)

2 master boot records swept.
40175 files swept in 1 hour, 15 minutes and 1 second.
31 errors were encountered.
No viruses were discovered.
1 encrypted file was not checked.
Ending Sophos Anti-Virus.
________________________________________
/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-09-06, 16:22:39, Auto-clean mode specified.
2006-09-06, 16:22:39, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2006-09-06, 16:22:49, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2006-09-06, 16:22:49, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 1)

Start time : Mi Sep 06 2006 16:22:40

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 780) [success]

Complete time : Mi Sep 06 2006 16:22:49
Execute pattern count(2953), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-09-06, 17:13:47, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 16:23:45
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

35602 files have been read.
35602 files have been checked.
30629 files have been scanned.
52400 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:13:45
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:13:47, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 16:23:45
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

35602 files have been read.
35602 files have been checked.
30629 files have been scanned.
52400 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:13:45 49 minutes 59 seconds (2999.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:13:47, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 16:23:45
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

35602 files have been read.
35602 files have been checked.
30629 files have been scanned.
52400 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:13:45 49 minutes 59 seconds (2999.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:13:47, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-06, 17:15:25, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:13:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

4269 files have been read.
4269 files have been checked.
3825 files have been scanned.
3826 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:15:25
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:15:25, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:13:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

4269 files have been read.
4269 files have been checked.
3825 files have been scanned.
3826 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:15:25 1 minute 36 seconds (96.43 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:15:25, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:13:48
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

4269 files have been read.
4269 files have been checked.
3825 files have been scanned.
3826 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:15:25 1 minute 36 seconds (96.43 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:15:25, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2006-09-06, 17:32:02, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:15:25
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

53920 files have been read.
53920 files have been checked.
31212 files have been scanned.
34393 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:32:01
---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:32:02, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:15:25
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

53920 files have been read.
53920 files have been checked.
31212 files have been scanned.
34393 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:32:01 16 minutes 35 seconds (994.66 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:32:02, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2006 17:15:25
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 729 (131089 Patterns) (2006/09/06) (372900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend

53920 files have been read.
53920 files have been checked.
31212 files have been scanned.
34393 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2006 17:32:01 16 minutes 35 seconds (994.66 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-09-06, 17:32:02, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
______________________________________
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 06.09.2006 19:41:46 for strings:
; '{da39029c-d291-a968-3ff4-d0990d5cb5fc}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

; End Of The Log...
_______________________________________


One note:
AntiVir Guard found a virus during a scan:
----------
C:\DOKUME~1\(my name)\LOKALE~1\Temp\V06GFQa01316
is the virus (or rather the virus type)
HEUR/Malware
---------
I deleted it.
Regards, Murmeltier
This post was edited on 06.09.2006 at 19:51 by Murmeltier I.
06.09.2006, 23:27
Honorary member
Sabina

Posts: 29434
#10 avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}
Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the log from avenger, whatever appears
__________
Regards, Sabina

all about PC security
06.09.2006, 23:34
Member

Topic starter

Posts: 33
#11 Er, really dumb question, I admit: what is avenger and where do I get it (I really don't know much about this...)?
*makes myself small and slinks off into the corner* ;)
Thanks!

Regards, Murmeltier
06.09.2006, 23:35
Honorary member
Sabina

Posts: 29434
07.09.2006, 10:57
Member

Topic starter

Posts: 33
#13 Good morning!
I'm a late riser when I get the chance ;)
I downloaded and ran avenger. The first time it said something about a "fatal error". I tried again; that time it worked, but it didn't create a log file. The third time it finally worked and the log file is there:
______________________
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\byjlxdxm

*******************

Script file located at: \??\C:\WINDOWS\System32\jnbbrbkm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.

Completed script processing.

*******************
_____________________
Hm, it seems not everything worked...
Thanks a lot for your effort!

Regards, Murmeltier

edit: I have now simply run it again, with the deletion jobs that were not found and therefore failed; this time there was no log again.
Could it be that it already deleted them in the second run, when it also didn't create a log, and that's why they are no longer there??? Sounds like a layman talking ;)
This post was edited on 07.09.2006 at 11:04 by Murmeltier I.
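The Registry Search output posted earlier and the Avenger log in this post are worth reading side by side. In a REGEDIT4 dump a line of the form `[HKEY_...]` is a key, and a line of the form `"name"=data` is a value inside the preceding key. Two of the four hits (the ones under `Mrgkh\2` and `URLSearchHooks`) are therefore values named after the CLSID, not subkeys, and a "registry keys to delete" directive pointed at those two paths finds no key to delete; that is what the status 0xc0000034 in the log reports (NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND), while the two real keys were removed. The script below is an added example, not code from the thread, from Registry Search or from Avenger: it parses such a dump, keeps key hits and value hits apart, and writes a .reg file in regedit's own deletion syntax (`[-key]` removes a key, `"name"=-` removes one value). The sample input is reconstructed from the posted log.

```python
# Added example, not code from the thread or from Registry Search / Avenger.
# Reads a Registry Search 2.0 result (REGEDIT4 text) and separates the two
# kinds of hit the dump format distinguishes:
#   [HKEY_...\path]   a key;   a hit if its last path component is the CLSID
#   "name"=data       a value; a hit if the value name is the CLSID
# then emits a REGEDIT4 file in regedit's deletion syntax.
import re
from typing import Dict, List, Tuple

CLSID = "{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"

# Constructed sample: the four hits from the Registry Search log above.
SAMPLE_SEARCH_OUTPUT = r"""REGEDIT4

; Registry Search 2.0 by Bobbi Flekman
; Results for strings:
; '{da39029c-d291-a968-3ff4-d0990d5cb5fc}'

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\1\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mrgkh\2]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{DA39029C-D291-A968-3FF4-D0990D5CB5FC}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}]

; End Of The Log...
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"=...  with REGEDIT4 escaping of \\ and \" inside the name
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=')


def parse_hits(text: str, clsid: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (keys, values): full paths of keys named after clsid, and
    (parent_key, value_name) pairs for values named after it."""
    want = clsid.lower()
    keys: List[str] = []
    values: List[Tuple[str, str]] = []
    current = None  # key that the following "name"=data lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            if current.rsplit("\\", 1)[-1].lower() == want:
                keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = re.sub(r"\\(.)", r"\1", m.group(1))  # undo \" and \\
            if name.lower() == want:
                values.append((current, name))
    return keys, values


def removal_reg(keys: List[str], values: List[Tuple[str, str]]) -> str:
    """Build a REGEDIT4 file that deletes exactly those keys and values."""
    out = ["REGEDIT4", ""]
    for key in keys:
        out += [f"[-{key}]", ""]          # [-key] removes the whole key
    by_parent: Dict[str, List[str]] = {}
    for parent, name in values:
        by_parent.setdefault(parent, []).append(name)
    for parent, names in by_parent.items():
        out.append(f"[{parent}]")         # parent key itself is kept
        out += [f'"{n}"=-' for n in names]  # "name"=- removes one value
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found_keys, found_values = parse_hits(SAMPLE_SEARCH_OUTPUT, CLSID)
    print(removal_reg(found_keys, found_values))
```

The script runs under Python 3 on any platform and only produces text; applying the result (`regedit /s file.reg`) removes nothing but the registry references, which is all that was left to remove here because the BHO's file was already gone. Whether a hit should be deleted at all is a judgement the script does not make.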
07.09.2006, 15:22
Honorary member
Sabina

Posts: 29434
#14 post the new log from hijackthis, the entry should be gone now........
__________
Regards, Sabina

all about PC security
07.09.2006, 17:27
Member

Topic starter

Posts: 33
#15 Right! Thank you very, very much!
_____________________
Logfile of HijackThis v1.99.1
Scan saved at 17:25, on 06-09-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\Dokumente und Einstellungen\Leonhard\Eigene Dateien\Virenjagd\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ICQ Lite] "D:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45100E6B-CBB5-4925-869B-BE6598C6B36A}: NameServer = 217.237.151.115 217.237.150.33
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
_______________________
Does that mean everything is OK now?
The strange user name under "Run as" is still there though... Or does that come from the system?

Regards, Murmeltier
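As an added example, not code from the thread or from HijackThis: a small triage pass over HijackThis 1.99 lines of the types that carry a CLSID (R3, O2, O3, O9). It groups entries by CLSID and flags the two things worth checking first in a log like the one above: an entry whose target is `(no file)` (the orphaned BHO this thread started with, reconstructed here as a sample line using the CLSID from the Registry Search log) and a CLSID registered at more than one hook point (in this log the ICQ toolbar's CLSID appears both as a URLSearchHook and as a toolbar). `(no name)` on its own is not a signal: the Java console button in the log has no name either. The sample lines are constructed from the posted log.

```python
# Added example, not code from the thread or from HijackThis.
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Entry(NamedTuple):
    kind: str    # HijackThis section: R3, O2, O3 or O9
    name: str    # display name, may be "(no name)"
    clsid: str   # normalised to upper case
    path: str    # target file, or "(no file)"


# Constructed sample. Line 2 reproduces the orphaned-BHO form with the CLSID
# from the Registry Search log; the other lines are copied from the log above.
SAMPLE_HJT = r"""R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQToolbar\toolbaru.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# "<kind> - <label>: <name> - {CLSID} - <path>"
LINE_RE = re.compile(
    r"^(?P<kind>R3|O2|O3|O9) - (?P<label>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the CLSID-bearing line types; other sections are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["name"], m["clsid"].upper(), m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, object]:
    """orphans: entries whose target file is missing.
    multi_hook: CLSID -> sorted section kinds, for CLSIDs hooked in more than one place."""
    orphans = [e for e in entries if e.path.strip().lower() == "(no file)"]
    kinds: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        kinds[e.clsid].add(e.kind)
    multi_hook = {c: sorted(k) for c, k in kinds.items() if len(k) > 1}
    return {"orphans": orphans, "multi_hook": multi_hook}


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_HJT))
    for e in report["orphans"]:
        print(f"orphan {e.kind} {e.clsid}: {e.name}")
    for clsid, where in report["multi_hook"].items():
        print(f"{clsid} hooked in {', '.join(where)}")
```

A CLSID hooked in several places is not by itself malicious (the ICQ toolbar is a legitimate example of one), but it tells you that removing a single line will leave the component registered elsewhere; an orphan with `(no file)` is the opposite case, a registration whose code is already gone and which only needs its registry entries removed.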