Virus infection/SpySheriff?
Thread is closed!

#0
25.09.2006, 23:01
Honorary member
Posts: 29434

30.09.2006, 16:14
...new here
Thread starter
Posts: 10
#17
Hello,
here I am posting the Avenger log.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ikdhqqxe

*******************

Script file located at: \??\C:\Program Files\royqrjhj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programme\Internet Explorer\win32hp.dat deleted successfully.

File C:\WINDOWS\system32\win32hp.dll not found!
Deletion of file C:\WINDOWS\system32\win32hp.dll failed!
Could not process line:
C:\WINDOWS\system32\win32hp.dll
Status: 0xc0000034

File C:\Programme\Internet Explorer\winbrume.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Kind regards,
Zaubermaus

This post was edited by zaubermaus72 on 30.09.2006 at 17:45.

30.09.2006, 16:16
Honorary member
Posts: 29434
#18
Scan with CounterSpy, set everything to "remove" after the scan, and post the report.
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina
All about PC security

30.09.2006, 17:46
...new here
Thread starter
Posts: 10
#19
Hello, I have worked with CounterSpy.
Kind regards,
Zaubermaus

30.09.2006, 18:03
Honorary member
Posts: 29434
#20
Oh dear... what a lot of junk you have downloaded over time.
If you ever think about formatting, don't hesitate.
For now, everything should be more or less OK again.
Just one tip: Windows updates from Microsoft NEVER come by e-mail, ..... !!
So be more suspicious and don't click on everything that blinks, because backdoors and trojans are often hidden behind it.
----
Avenger
Quote
registry keys to delete:
__________
Kind regards, Sabina
All about PC security

30.09.2006, 20:43
...new here
Thread starter
Posts: 10
#21
Hello, a huge, heartfelt thank-you for all the time you spent getting our PC going again. If I saw it correctly, one can show one's appreciation via PayPal. We will gladly do that.
I have also carried out the last step and posted it. We will probably format the PC at some point. Thanks in any case for everything. It was a great tip from audipower to turn to you.

Kind regards,
zaubermaus

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kioecoqs

*******************

Script file located at: \??\C:\bxawatix.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_SERVICE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_SERVICE failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_SERVICE
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_SERVICE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_SERVICE failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_SERVICE
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\ENUM\ROOT\LEGACY_SERVICE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\ENUM\ROOT\LEGACY_SERVICE failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\ENUM\ROOT\LEGACY_SERVICE
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_SERVICE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_SERVICE failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_SERVICE
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.