CounterSpy
Scan History Details
Start Date: 12.12.2007 19:18:02
End Date: 12.12.2007 19:43:44
Total Time: 25 Min 42 Sec
Detected security risks
Cookie: ATDMT.com Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted
Cookies detected
c:\users\ali\appdata\roaming\microsoft\windows\cookies\ali@atdmt[1].txt
c:\users\ali\appdata\roaming\microsoft\windows\cookies\low\ali@atdmt[2].txt
Cookie: BS.Serving-Sys Cookie (General)
Status: Deleted
Cookies detected
c:\users\ali\appdata\roaming\microsoft\windows\cookies\low\ali@bs.serving-sys[1].txt
c:\users\ali\appdata\roaming\microsoft\windows\cookies\low\ali@serving-sys[1].txt
Cookie: DoubleClick Cookie (General)
Status: Deleted
Cookies detected
c:\users\ali\appdata\roaming\microsoft\windows\cookies\low\ali@doubleclick[1].txt
Cookie: Overture.com Cookie (General)
Status: Deleted
Cookies detected
c:\users\ali\appdata\roaming\microsoft\windows\cookies\low\ali@overture[1].txt
Cookie: Weborama Cookie (General)
Status: Deleted
Cookies detected
c:\users\ali\appdata\roaming\microsoft\windows\cookies\ali@weborama[2].txt
HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:26, on 12.12.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\avmwlanstick\FRITZWLanMini.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6145\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 8442 bytes
VistaScan
Die 30 neuesten Dateien im Ordner Windows:
***** ***** ***** ***** *****
***** Scanning C:\Windows *****
***** ***** ***** ***** *****
07.11.2099 DIFxAPI.dll 05 40:319.456
07.11.2099 HideWin.exe 05 39:315.392
06.11.2099 WindowsShell.Manifest 08 34:749
12.12.2007 bootstat.dat 19 45:67.584
12.12.2007 ntbtlog.txt 19 44:111.796
12.12.2007 WindowsUpdate.log 19 15:1.783.087
05.12.2007 nsreg.dat 22 20:0
18.11.2007 buhl.ini 01 56:96
18.11.2007 _delis32.ini 01 31:260
18.11.2007 bwUnin-6.1.4.36-8876480L.exe 01 31:81.920
15.11.2007 explorer.exe 02 34:2.923.520
23.04.2007 RtHDVCpl.exe 08 51:4.435.968
13.04.2007 SkyTel.exe 08 36:1.822.720
20.03.2007 P17EP.ini 10 23:1.669
16.01.2007 RtlUpd.exe 03 39:1.191.936
12.01.2007 RtlExUpd.dll 09 54:520.192
28.12.2006 instwcli.inf 00 02:7.031
15.12.2006 ResDefE.exe 03 41:8.192
02.11.2006 win.ini 14 02:144
02.11.2006 WMSysPr9.prx 13 33:316.640
02.11.2006 twunk_16.exe 13 32:49.680
02.11.2006 twain_32.dll 13 32:50.688
02.11.2006 twunk_32.exe 13 32:31.232
02.11.2006 twain.dll 13 32:94.784
02.11.2006 notepad.exe 13 32:151.040
02.11.2006 winhlp32.exe 10 45:9.216
02.11.2006 regedit.exe 10 45:134.656
Die 50 neuesten Dateien im Ordner Windows\system32:
***** ***** ***** ***** *****
***** Scanning C:\Windows\system32 *****
***** ***** ***** ***** *****
07.11.2099 wrap_oal.dll 05 47:409.600
07.11.2099 OpenAL32.dll 05 47:114.688
07.11.2099 license.rtf 05 24:59.590
06.11.2099 riched20.dll 08 29:467.456
06.11.2099 riched32.dll 08 29:8.192
06.11.2099 kmddsp.tsp 08 29:38.400
06.11.2099 rasser.dll 08 29:22.016
06.11.2099 rascfg.dll 08 29:77.824
06.11.2099 rasdiag.dll 08 29:52.736
06.11.2099 ndptsp.tsp 08 29:49.664
06.11.2099 rasctrnm.h 08 29:1.820
06.11.2099 rasmxs.dll 08 29:32.768
06.11.2099 netcfgx.dll 08 29:384.000
06.11.2099 msftedit.dll 08 29:564.736
06.11.2099 icsunattend.exe 08 29:13.824
06.11.2099 ipnathlp.dll 08 29:286.208
06.11.2099 wshqos.dll 08 29:13.824
06.11.2099 traffic.dll 08 29:33.280
06.11.2099 pacerprf.dll 08 29:15.360
06.11.2099 localspl.dll 08 29:694.784
06.11.2099 cdd.dll 08 29:36.864
06.11.2099 dps.dll 08 29:134.656
06.11.2099 ACCTRES.dll 08 28:39.424
06.11.2099 msoeacct.dll 08 28:205.824
06.11.2099 msoert2.dll 08 28:87.040
06.11.2099 csrsrv.dll 08 27:49.664
06.11.2099 winsrv.dll 08 27:376.320
06.11.2099 mcupdate_GenuineIntel.dll 08 24:374.456
06.11.2099 msscp.dll 08 23:414.208
06.11.2099 wmploc.DLL 08 22:8.147.968
06.11.2099 wmp.dll 08 22:10.617.344
06.11.2099 spwmp.dll 08 22:7.680
06.11.2099 dxmasf.dll 08 22:4.096
06.11.2099 msdxm.ocx 08 22:4.096
06.11.2099 MediaMetadataHandler.dll 08 22:356.864
06.11.2099 FirewallAPI.dll 08 21:392.192
06.11.2099 MPSSVC.dll 08 21:396.800
06.11.2099 icfupgd.dll 08 21:86.016
06.11.2099 wfapigp.dll 08 21:16.896
06.11.2099 cmifw.dll 08 21:61.952
06.11.2099 iphlpsvc.dll 08 21:178.688
06.11.2099 DWWIN.EXE 08 20:104.448
06.11.2099 msxml3.dll 08 20:1.191.936
06.11.2099 msxml3r.dll 08 20:2.048
06.11.2099 LangCleanupSysprepAction.dll 08 19:25.600
06.11.2099 lpksetup.exe 08 19:166.912
06.11.2099 MUILanguageCleanup.dll 08 19:10.240
***** ***** ***** ***** *****
***** Scanning C:\Windows\system32\drivers\etc\hosts *****
***** ***** ***** ***** *****
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
***** ***** ***** ***** *****
***** Scanning Processe *****
***** ***** ***** ***** *****
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 28 K
System 4 Services 0 2.788 K
smss.exe 548 Services 0 600 K
csrss.exe 616 Services 0 3.760 K
wininit.exe 656 Services 0 2.956 K
csrss.exe 672 Console 1 8.644 K
services.exe 708 Services 0 4.280 K
lsass.exe 720 Services 0 6.640 K
lsm.exe 728 Services 0 3.028 K
winlogon.exe 824 Console 1 4.564 K
svchost.exe 908 Services 0 5.036 K
svchost.exe 964 Services 0 6.100 K
svchost.exe 1108 Services 0 9.388 K
svchost.exe 1132 Services 0 62.324 K
LVPrcSrv.exe 1180 Services 0 3.308 K
svchost.exe 1200 Services 0 22.624 K
audiodg.exe 1276 Services 0 12.492 K
SLsvc.exe 1320 Services 0 3.548 K
svchost.exe 1392 Services 0 9.936 K
svchost.exe 1552 Services 0 9.920 K
spoolsv.exe 1756 Services 0 7.100 K
svchost.exe 1788 Services 0 10.216 K
dwm.exe 368 Console 1 37.708 K
taskeng.exe 492 Console 1 8.652 K
explorer.exe 556 Console 1 37.920 K
FRITZWLanMini.exe 1680 Console 1 3.616 K
rundll32.exe 760 Console 1 3.516 K
Communications_Helper.exe 764 Console 1 3.900 K
mcagent.exe 2064 Console 1 1.796 K
avgas.exe 2080 Console 1 3.984 K
SBCSTray.exe 2088 Console 1 4.888 K
sidebar.exe 2096 Console 1 21.568 K
sidebar.exe 2280 Console 1 13.088 K
CounterSpy.exe 2452 Console 1 35.620 K
guard.exe 2632 Services 0 3.016 K
WLanNetService.exe 2660 Services 0 4.192 K
mDNSResponder.exe 2684 Services 0 3.692 K
McProxy.exe 2876 Services 0 2.596 K
Mcshield.exe 2896 Services 0 22.968 K
MpfSrv.exe 2972 Services 0 11.748 K
svchost.exe 3116 Services 0 3.656 K
SBCSSvc.exe 3152 Services 0 8.128 K
SAService.exe 3236 Services 0 3.140 K
StarWindServiceAE.exe 3256 Services 0 3.764 K
svchost.exe 3268 Services 0 4.744 K
svchost.exe 3320 Services 0 1.836 K
SearchIndexer.exe 3372 Services 0 19.340 K
mcmscsvc.exe 3660 Services 0 3.532 K
WmiPrvSE.exe 3856 Services 0 7.496 K
taskeng.exe 3920 Services 0 4.912 K
WmiPrvSE.exe 3504 Services 0 4.828 K
ieuser.exe 2588 Console 1 12.268 K
unsecapp.exe 1832 Console 1 4.484 K
mcsysmon.exe 4228 Services 0 3.976 K
McNASvc.exe 4416 Services 0 7.548 K
notepad.exe 5272 Console 1 7.064 K
conime.exe 4968 Console 1 3.476 K
WinRAR.exe 3852 Console 1 12.268 K
cmd.exe 4348 Console 1 3.596 K
tasklist.exe 3608 Console 1 4.676 K
Microsoft Windows [Version 6.0.6000]
http://www.paules-pc-forum.de
***** Malware Team *****
***** Ende des Scans 12.12.2007 um 19:52:47,31 ***
So, do you need anything else?
