I have spent the last few days trying to get my mother's PC, which unfortunately is also used by my two younger brothers who still live at home, more or less running again. The PC was EXTREMELY slow and advertising windows kept popping up. I have already used the following programs and found and removed QUITE A LOT (I have also saved the scan reports):
- Counterspy
- CleanUp
- F-secure
- ewido
- RegistryFix
- CounterSpy
Could someone please briefly comment on the following logs and perhaps tell me what else needs to be fixed:
Hijackthis Log:
Logfile of HijackThis v1.99.1
Scan saved at 17:47:25, on 30.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Dit.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Nikon\NkView6\NkvMon.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Hiho\Desktop\Computer Security\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.971searchbox.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/c ... /nt1_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/c ... pyt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden ... Loader.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/d ... se3401.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Mom's PC
datFind
system32:
30.06.2006 15:13 2.206 wpa.dbl
22.06.2006 12:47 181.248 rasmans.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
09.06.2006 03:19 5.967.776 MRT.exe
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
19.05.2006 17:09 3.073.536 mshtml.dll
18.05.2006 07:36 450.560 jscript.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 152.064 cdfview.dll
10.05.2006 07:22 1.022.976 browseui.dll
06.05.2006 20:49 263.824 FNTCACHE.DAT
29.04.2006 06:07 5.533.696 wmp.dll
22.04.2006 17:22 60.200 sirenacm.dll
03.04.2006 11:40 14.048 spmsg.dll
Temp:
30.06.2006 15:20 811 jusched.log
30.06.2006 15:18 1.212.416 ~DFBBC7.tmp
30.06.2006 15:13 49.152 ~DF79B2.tmp
30.06.2006 15:13 32.768 ~DF6CEB.tmp
30.06.2006 15:13 16.384 ~DFEA05.tmp
30.06.2006 15:10 2.004 WCESLog.log
30.06.2006 15:10 468 WCESCOMM.LOG
30.06.2006 15:04 96 WcesView.log
30.06.2006 14:24 16.384 Perflib_Perfdata_a94.dat
30.06.2006 14:11 65.536 ~DF2081.tmp
Windows:
30.06.2006 16:36 1.696.032 WindowsUpdate.log
30.06.2006 15:12 0 0.log
30.06.2006 15:11 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
30.06.2006 15:11 159 wiadebug.log
30.06.2006 15:11 50 wiaservc.log
30.06.2006 15:10 2.048 bootstat.dat
30.06.2006 15:08 32.596 SchedLgU.Txt
30.06.2006 12:26 202 NeroDigital.ini
29.06.2006 21:32 155 winamp.ini
29.06.2006 20:03 227.483 setupact.log
29.06.2006 19:59 176.280 ntbtlog.txt
29.06.2006 19:37 40.955 WgaNotify.log
29.06.2006 19:36 702.232 setupapi.log
28.06.2006 20:05 49 popcinfo.dat
28.06.2006 12:59 117.785 iis6.log
28.06.2006 12:59 263.614 comsetup.log
28.06.2006 12:59 164.436 ntdtcsetup.log
28.06.2006 12:59 39.449 ocmsn.log
28.06.2006 12:59 1.374 imsins.log
28.06.2006 12:59 317.790 tsoc.log
28.06.2006 12:59 11.166 KB911280.log
28.06.2006 12:59 434.383 ocgen.log
28.06.2006 12:59 40.271 msgsocm.log
28.06.2006 12:59 778.745 FaxSetup.log
28.06.2006 12:58 28.048 updspapi.log
27.06.2006 17:14 271.099 wmsetup.log
17.06.2006 12:41 31.583 spupdsvc.log
17.06.2006 12:12 1.374 imsins.BAK
17.06.2006 12:12 13.331 KB917734.log
17.06.2006 12:10 13.609 KB918439.log
17.06.2006 12:10 13.968 KB917344.log
17.06.2006 12:10 13.743 KB917953.log
17.06.2006 12:10 17.632 KB916281.log
17.06.2006 12:09 11.519 KB914389.log
28.05.2006 15:27 195.884 DirectX.log
23.05.2006 12:30 3.172 CX_SearchHistory.INI
10.05.2006 07:45 11.769 KB913580.log
26.04.2006 07:57 11.163 KB900485.log
23.04.2006 08:55 27 SW_Win2000X32.DLL
16.04.2006 11:39 14.983 KB908531.log
16.04.2006 11:39 14.232 KB911562.log
16.04.2006 11:39 16.259 KB912812.log
16.04.2006 11:38 20.272 KB911565.log
16.04.2006 11:38 10.728 KB911567.log
C:\:
30.06.2006 17:50 0 sys.txt
30.06.2006 17:49 15.452 system.txt
30.06.2006 17:49 787 systemtemp.txt
30.06.2006 17:47 108.990 system32.txt
30.06.2006 15:10 536.399.872 hiberfil.sys
30.06.2006 15:10 805.306.368 pagefile.sys
29.06.2006 20:03 895 rapport.txt
29.06.2006 19:49 98 rem.reg
29.06.2006 19:47 2.844 avenger.txt
29.06.2006 19:46 1.080 jdsaaida.bat
23.06.2006 12:45 1.328 FSUIPC_reg.bin
- Zed99
- Posts: 15
- Registered: 23.06.2006, 11:34
echo:
10)DPF????
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 2496-AFED
Verzeichnis von C:\WINDOWS\Downloaded Program Files
25.06.2003 19:00 541 ca.pub
04.11.2005 15:31 <DIR> CONFLICT.1
17.01.2006 17:11 580.663 daas_s.dll
14.10.1997 19:52 697 DirectAnimation Java Classes.osd
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
28.03.2002 17:05 1.268 erma.inf
03.02.2006 11:20 188.416 fsauc.dll
16.06.2006 15:31 181.856 fscax.dll
15.06.2006 10:19 483 fscax.inf
09.09.2004 15:17 65.272 GDIChk.dll
09.09.2004 15:18 302 gdichk.inf
06.10.2005 19:19 168.448 IEAWSDC.DLL
06.10.2005 19:19 452 ieawsdc.inf
25.07.2002 18:05 172.032 isusweb.dll
25.08.2003 19:12 1.096 iuctl.inf
25.01.2006 13:43 367 LegitCheckControl.inf
29.05.2003 16:00 160.864 messengerstatsclient.dll
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
29.05.2003 16:00 77.408 msgrchkr.dll
30.06.2005 16:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 01:26 113.664 MsnMessengerSetupDownloader.ocx
22.08.2003 22:10 226 opuc.inf
09.10.2003 10:32 144 QTPlugin.inf
02.10.2004 23:34 151.552 RSGameLoader.dll
10.01.2005 21:46 116.880 setup.exe
29.05.2003 16:00 86.112 solitaireshowdown.dll
27.08.2005 13:30 5.065 swflash.inf
13.12.2005 23:44 327.408 wlscBase.dll
13.12.2005 23:46 358 wlscBase.inf
15.07.2003 22:01 526 Yahoo! Gin.osd
20.12.2002 15:15 538 Yahoo! Pyramids.osd
26.07.2004 21:36 134.747 zsetup.exe
32 Datei(en) 2.759.958 Bytes
Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.1
04.11.2005 15:31 <DIR> .
04.11.2005 15:31 <DIR> ..
0 Datei(en) 0 Bytes
Anzahl der angezeigten Dateien:
32 Datei(en) 2.759.958 Bytes
3 Verzeichnis(se), 51.351.658.496 Bytes frei
- Zed99
- Posts: 15
- Registered: 23.06.2006, 11:34
(Regarding the scan reports: I subsequently deleted the infections that had been quarantined)
f-secure
ZedScanning Report
Thursday, June 29, 2006 16:58:12 - 19:32:01
Computer name: HINTERHOLZER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
--------------------------------------------------------------------------------
Result: 23 malware found
Adware.Director (spyware)
System (Disinfected)
Adware.Freeprod Toolbar (spyware)
System (Disinfected)
BargainBuddy (spyware)
System (Disinfected)
DyFuCA (spyware)
System (Disinfected)
ExactSearchBar (spyware)
System
IntexusDial (spyware)
System (Disinfected)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Search Relevancy (spyware)
System (Disinfected)
SideFind (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
Trojan-Downloader.Win32.Agent.gf (virus)
C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLADSHIFT.DLL (Renamed)
W32/Agent.HDQ (virus)
C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINICLIPGAMELOADER.DLL
W32/Dialer.LPW (virus)
C:\WINDOWS\WINMX.EXE.EXE
Win32.Trojan.Downloader (spyware)
System (Disinfected)
Win32.TrojanDownloader.Agent.De (spyware)
System (Disinfected)
WindUpdates (spyware)
System (Disinfected)
Zango (spyware)
System (Disinfected)
istbar (spyware)
System (Disinfected)
istbar.dotcomToolbar (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 31250
System: 20069
Not scanned: 14
Actions:
Disinfected: 14
Renamed: 1
Deleted: 0
None: 8
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{C21371FF-48DB-45B5-B52B-817FEC6F8349}.BIN
C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB828028$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\DHCPCSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\WZCDLG.DLL
C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
C:\WINDOWS\$NTUNINSTALLKB826939$\SHELL32.DLL
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MUVEE TECHNOLOGIES\030625\0203\0200\VALUES
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-06-29
F-Secure Libra: 2.4.1, 2006-06-29
F-Secure Orion: 1.2.37, 2006-06-29
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-05-14
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
smartfix
SmitFraudFix v2.65
Scan done at 19:56:11,34, 29.06.2006
Run from C:\Dokumente und Einstellungen\Hiho\Desktop\Computer Security\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hiho\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Hiho\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ewido
---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 13:46:18 30.06.2006
+ Scan-Ergebnis:
C:\Dokumente und Einstellungen\Hiho\Startmenü\Programme\Power Scan -> Adware.PowerScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Hiho\Startmenü\Programme\Power Scan\Power Scan.lnk -> Adware.PowerScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\IQProfi.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\hausaufgaben.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\referate.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\songtextzone.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\winmx.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Program Files\Windows ControlAd\WINCTLADSHIFT.0LL -> Downloader.Agent.gf : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Hiho\im.exe -> Not-A-Virus.PSWTool.Win32.Messen.103 : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@as1.falkag[1].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@oewabox[1].txt -> TrackingCookie.Oewabox : Gesäubert.
::Berichtende
Counterspy
Spyware Scan Details
Start Date: 30.06.2006 15:18:49
End Date: 30.06.2006 17:28:18
Total Time: 2 hrs 9 mins 29 secs
Detected spyware
MoneyTree Porn Dialer more information...
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj
IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never
eXact.NaviSearch Adware (General) more information...
Details: Displays popup ads and hijacks Internet Explorers 404 search error page.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NaviSearch Changed 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NaviSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NaviSearch SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NaviSearch Changed 0
IST.XXXToolbar Toolbar more information...
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj
YourSiteBar Toolbar more information...
Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate based marketing toolbar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll .Owner {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YSBactivex.dll {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE}
SearchMiracle.EliteBar Browser Plug-in more information...
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform iebar
Zango.CommonElements Adware (General) more information...
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 WMDRMAx Class
Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@advertising[1].txt
ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@a[1].txt
ClickBank Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@clickbank[2].txt
DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@doubleclick[2].txt
Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@hitbox[2].txt
Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@mediaplex[1].txt
TribalFusion.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\hiho\cookies\hiho@tribalfusion[1].txt
f-secure
ZedScanning Report
Thursday, June 29, 2006 16:58:12 - 19:32:01
Computer name: HINTERHOLZER
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
--------------------------------------------------------------------------------
Result: 23 malware found
Adware.Director (spyware)
System (Disinfected)
Adware.Freeprod Toolbar (spyware)
System (Disinfected)
BargainBuddy (spyware)
System (Disinfected)
DyFuCA (spyware)
System (Disinfected)
ExactSearchBar (spyware)
System
IntexusDial (spyware)
System (Disinfected)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Search Relevancy (spyware)
System (Disinfected)
SideFind (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
Trojan-Downloader.Win32.Agent.gf (virus)
C:\PROGRAM FILES\WINDOWS CONTROLAD\WINCTLADSHIFT.DLL (Renamed)
W32/Agent.HDQ (virus)
C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINICLIPGAMELOADER.DLL
W32/Dialer.LPW (virus)
C:\WINDOWS\WINMX.EXE.EXE
Win32.Trojan.Downloader (spyware)
System (Disinfected)
Win32.TrojanDownloader.Agent.De (spyware)
System (Disinfected)
WindUpdates (spyware)
System (Disinfected)
Zango (spyware)
System (Disinfected)
istbar (spyware)
System (Disinfected)
istbar.dotcomToolbar (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 31250
System: 20069
Not scanned: 14
Actions:
Disinfected: 14
Renamed: 1
Deleted: 0
None: 8
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{C21371FF-48DB-45B5-B52B-817FEC6F8349}.BIN
C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB828028$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\DHCPCSVC.DLL
C:\WINDOWS\$NTUNINSTALLKB826942$\WZCDLG.DLL
C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
C:\WINDOWS\$NTUNINSTALLKB826939$\SHELL32.DLL
C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MUVEE TECHNOLOGIES\030625\0203\0200\VALUES
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-06-29
F-Secure Libra: 2.4.1, 2006-06-29
F-Secure Orion: 1.2.37, 2006-06-29
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-05-14
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics
smartfix
SmitFraudFix v2.65
Scan done at 19:56:11,34, 29.06.2006
Run from C:\Dokumente und Einstellungen\Hiho\Desktop\Computer Security\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Hiho\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Hiho\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
ewido
---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------
+ Erstellt um: 13:46:18 30.06.2006
+ Scan-Ergebnis:
C:\Dokumente und Einstellungen\Hiho\Startmenü\Programme\Power Scan -> Adware.PowerScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Hiho\Startmenü\Programme\Power Scan\Power Scan.lnk -> Adware.PowerScan : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\IQProfi.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\hausaufgaben.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\referate.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\songtextzone.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\winmx.exe.exe -> Dialer.Intexdial : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Program Files\Windows ControlAd\WINCTLADSHIFT.0LL -> Downloader.Agent.gf : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Hiho\im.exe -> Not-A-Virus.PSWTool.Win32.Messen.103 : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@as1.falkag[1].txt -> TrackingCookie.Falkag : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert.
C:\Dokumente und Einstellungen\Hiho\Cookies\hiho@oewabox[1].txt -> TrackingCookie.Oewabox : Gesäubert.
::Berichtende
- Zed99
- Posts: 15
- Registered: 23.06.2006, 11:34
Delete:
C:\jdsaaida.bat
-------------------------------------
Run an online scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lisbon