Trojan horse TR/Drop.Delf.FD

#0
13.06.2005, 23:00
...new here

Posts: 2
#1 I only just formatted yesterday and now I have a trojan on my PC again. I need some expert help!

AntiVir PE Edition Scan LOG:

13.06.2005,18:57:37 ---------------------------------------------------------
13.06.2005,18:57:37 [INIT] Der AVGuard Service wird gestarted.
13.06.2005,18:57:38 [INFO] Start Filter Device.
13.06.2005,18:57:38 [INIT] AntiVirService Version: 6.31.00.02 AVE Version 6.31.0.5 VDF Version: 6.31.0.46
13.06.2005,18:57:38 [INIT] Der AVGuard Dienst wurde erfolgreich gestartet!
13.06.2005,19:42:02 [WARNUNG] Ist das Trojanische Pferd TR/Click.NoName.A!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48232726-CAC4-4585-A33A-00817E21115F}\RP5\A0001392.EXE
[INFO] Die Datei wurde in das Quarantäneverzeichnis verschoben!
13.06.2005,20:28:44 [INFO] Stop Filter Device.
13.06.2005,20:28:45 [EXIT] Der AVGuard Dienst wurde beendet!
13.06.2005,20:30:35 ---------------------------------------------------------
13.06.2005,20:30:35 [INIT] Der AVGuard Service wird gestarted.
13.06.2005,20:30:47 [INFO] Start Filter Device.
13.06.2005,20:30:47 [INIT] AntiVirService Version: 6.31.00.02 AVE Version 6.31.0.5 VDF Version: 6.31.0.46
13.06.2005,20:30:47 [INIT] Der AVGuard Dienst wurde erfolgreich gestartet!
13.06.2005,21:33:06 [WARNUNG] Ist das Trojanische Pferd TR/Drop.Delf.FD.1!
C:\SYSTEM VOLUME INFORMATION\_RESTORE{48232726-CAC4-4585-A33A-00817E21115F}\RP5\A0001454.EXE
[INFO] Die Datei wurde in das Quarantäneverzeichnis verschoben!
13.06.2005,21:33:52 [INFO] Stop Filter Device.
13.06.2005,21:33:52 [EXIT] Der AVGuard Dienst wurde beendet!
13.06.2005,22:53:43 ---------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 23:07:50, on 13.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WF2K.EXE
C:\PROGRA~1\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\PERSON~1\MpfAgent.exe
C:\programme\divx\divx pro codec\gain_trickler_3202.exe
C:\Programme\AVPersonalPremium\AVGNT.EXE
C:\Programme\AVPersonalPremium\AVGUARD.EXE
C:\Programme\AVPersonalPremium\AVESVC.EXE
C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
C:\PROGRA~1\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\AVPersonalPremium\AVMAILC.EXE
C:\Programme\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\FTP\Appz\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Trickler] "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonalPremium\AVGNT.EXE" /min
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{74398199-2687-45DD-81E9-C56BBD3B542D}: NameServer = 217.237.148.1 217.237.148.17
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - AntiVir PersonalProducts GmbH. - C:\Programme\AVPersonalPremium\AVMAILC.EXE
O23 - Service: AntiVir Service (AntiVirService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVGUARD.EXE
O23 - Service: AVE Service (AVEService) - AntiVir PersonalProducts GmbH - C:\Programme\AVPersonalPremium\AVESVC.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonalPremium\AVWUPSRV.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

// AD-AWARE SE LOG: (in case it helps)

Ad-Aware SE Build 1.04
Logfile Created on:Montag, 13. Juni 2005 23:18:13
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria(TAC index:7):5 total references
MRU List(TAC index:0):25 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


13.06.2005 23:18:13 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 568
ThreadCreationTime : 13.06.2005 20:52:30
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 13.06.2005 20:52:32
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 656
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 712
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 876
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 976
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1148
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 13.06.2005 20:52:33
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1536
ThreadCreationTime : 13.06.2005 20:53:05
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:12 [wf2k.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1956
ThreadCreationTime : 13.06.2005 20:53:06
BasePriority : Normal
FileVersion : 5.13.01.2003-3.03
ProductVersion : 5.00
ProductName : WinFox V2.0 (Windows 95/98//ME/2000/XP)
CompanyName : Leadtek Research Inc.
FileDescription : WinFox II
InternalName : WinFox II
LegalCopyright : Copyright(c) 2001-2003 Leadtek Research Inc.
OriginalFilename : WF2K.EXE

#:13 [mpftray.exe]
FilePath : C:\PROGRA~1\PERSON~1\
ProcessID : 1968
ThreadCreationTime : 13.06.2005 20:53:06
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:14 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1984
ThreadCreationTime : 13.06.2005 20:53:06
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
LegalCopyright : Copyright (C) 2002
OriginalFilename : CtHelper.EXE

#:15 [mpfagent.exe]
FilePath : C:\PROGRA~1\PERSON~1\
ProcessID : 2044
ThreadCreationTime : 13.06.2005 20:53:06
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:16 [gain_trickler_3202.exe]
FilePath : C:\programme\divx\divx pro codec\
ProcessID : 224
ThreadCreationTime : 13.06.2005 20:53:06
BasePriority : Normal
FileVersion : 3.2.0.2
ProductVersion : 3.2.0.2
OriginalFilename : Trickler.exe
Warning! Claria Object found in memory(C:\programme\divx\divx pro codec\gain_trickler_3202.exe)

Claria Object Recognized!
Type : Process
Data : gain_trickler_3202.exe
Category : Data Miner
Comment :
Object : C:\programme\divx\divx pro codec\
FileVersion : 3.2.0.2
ProductVersion : 3.2.0.2
OriginalFilename : Trickler.exe

"C:\programme\divx\divx pro codec\gain_trickler_3202.exe"Process terminated successfully
"C:\programme\divx\divx pro codec\gain_trickler_3202.exe"Process terminated successfully

#:17 [avgnt.exe]
FilePath : C:\Programme\AVPersonalPremium\
ProcessID : 232
ThreadCreationTime : 13.06.2005 20:53:07
BasePriority : Normal


#:18 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 508
ThreadCreationTime : 13.06.2005 20:53:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [avguard.exe]
FilePath : C:\Programme\AVPersonalPremium\
ProcessID : 524
ThreadCreationTime : 13.06.2005 20:53:43
BasePriority : Normal


#:20 [avesvc.exe]
FilePath : C:\Programme\AVPersonalPremium\
ProcessID : 536
ThreadCreationTime : 13.06.2005 20:53:43
BasePriority : Normal


#:21 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonalPremium\
ProcessID : 136
ThreadCreationTime : 13.06.2005 20:53:44
BasePriority : Normal


#:22 [mpfservice.exe]
FilePath : C:\PROGRA~1\PERSON~1\
ProcessID : 628
ThreadCreationTime : 13.06.2005 20:53:44
BasePriority : Normal
FileVersion : 6.0.0.14
ProductVersion : 6.0.0.14
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:23 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 920
ThreadCreationTime : 13.06.2005 20:53:47
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:24 [avmailc.exe]
FilePath : C:\Programme\AVPersonalPremium\
ProcessID : 1236
ThreadCreationTime : 13.06.2005 20:53:47
BasePriority : Normal


#:25 [wmplayer.exe]
FilePath : C:\Programme\Windows Media Player\
ProcessID : 948
ThreadCreationTime : 13.06.2005 20:57:12
BasePriority : Normal
FileVersion : 10.00.00.3646
ProductVersion : 10.00.00.3646
ProductName : Microsoft(R) Windows Media Player
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
LegalCopyright : (C) Microsoft Corporation. All rights reserved.
OriginalFilename : WMPLAYER.EXE

#:26 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 932
ThreadCreationTime : 13.06.2005 21:00:09
BasePriority : Normal


#:27 [imapi.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3408
ThreadCreationTime : 13.06.2005 21:10:40
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : IMAPI-Modul
CompanyName : Microsoft Corporation
FileDescription : IMAPI-Modul
InternalName : IMAPI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IMAPI.EXE

#:28 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3708
ThreadCreationTime : 13.06.2005 21:18:05
BasePriority : Normal
FileVersion : 6.2.0.200
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

Claria Object Recognized!
Type : RegValue
Data : Trickler
Category : Data Miner
Comment : "Trickler"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Trickler

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "Trickler"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Run
Value : Trickler

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tradedoubler[2].txt
Category : Data Miner
Comment : 13.06.2005 18:58:56
Value : Cookie:administrator@tradedoubler.com/
Expires : 13.07.2005 18:45:34
LastSync : 13.06.2005 18:58:56
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[2].txt
Category : Data Miner
Comment : 13.06.2005 19:06:22
Value : Cookie:administrator@2o7.net/
Expires : 12.06.2010 18:57:12
LastSync : 13.06.2005 19:06:22
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@as1.falkag[1].txt
Category : Data Miner
Comment : 13.06.2005 19:01:34
Value : Cookie:administrator@as1.falkag.de/
Expires : 13.07.2005 18:52:26
LastSync : 13.06.2005 19:01:34
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[2].txt
Category : Data Miner
Comment : 13.06.2005 18:58:26
Value : Cookie:administrator@doubleclick.net/
Expires : 12.06.2008 18:49:08
LastSync : 13.06.2005 18:58:26
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 9



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Disk Scan Result for C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 9



MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1757981266-562591055-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

23:19:46 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:33.156
Objects scanned:58352
Objects identified:9
Objects ignored:0
New critical objects:9


This post was edited on 13.06.2005 at 23:13 by hSimonP.
14.06.2005, 17:38
Honorary member
Sabina

Posts: 29434
#2 That is still anchored in System Restore, so if you ever do a restore, you will have the virus active again.

http://virus-protect.org/Systemwiederherstellung.html
__________
Best regards, Sabina

all about PC security
15.06.2005, 16:31
...new here

Thread starter

Posts: 2
#3 Okay, thanks for the help. I think the virus is gone, and next time I'll just turn to you again, Sabina ;p

Bye