AntiVir error message vtstr.exe

17.01.2008, 11:06
Honorary member
Pinguin

Posts: 1441
#16 Hello jb1957 ;)

Dcads Toolbar is a fake toolbar that demonstrates spyware tendencies.... IntelligentAdvisor isn't kosher either, and neither is Save ... so: get rid of the junk!!!

HijackThis
Close all windows and start HijackThis
Click: Do a system scan only

Put a check mark in the box in front of each listed entry (if it is still present....)
and choose fix checked + restart the computer.

Quote

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll

O2 - BHO: (no name) - {5A6529DF-4C86-4746-8768-663240287169} - C:\WINDOWS\system32\vtstr.dll

O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Programme\IntelligentAdvisor\IntelligentAdvisor-2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {90A22E29-FE54-447F-B5ED-6091733AB22F} - C:\WINDOWS\system32\wvurpqn.dll

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
Combofix:
create a txt file again + drag it onto Combofix again - run Combofix again - type 1

Quote

Folder::
C:\Programme\IntelligentAdvisor
C:\Programme\Save
C:\Programme\Dcads Games Collection

File::
C:\WINDOWS\system32\wvurpqn.dll
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcads_sidebar.dll

scan with CounterSpy (2 weeks free) - post the scan report here
http://www.virus-protect.org/counterspy1.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
18.01.2008, 15:34
...new here

Thread starter

Posts: 9
#17 Hello Pinguin

here is the scan report
Best regards
jb1957

Scan History Details
Start Date: 2008-01-17 16:43:40
End Date: 2008-01-17 19:06:48
Total Time: 143 Min 8 Sec
Detected security risks

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Registry entries detected


Morpheus P2P Program more information...
Details: P2P file sharing program that installs a number of adware programs. Morpheus also displays its own popup advertsing.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT
HKEY_LOCAL_MACHINE\Software\Classes\MORPHTORRENT\shell


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\Spiele\Lokale Einstellungen\Temp\TMP146.tmp
C:\QooBox\Quarantine\C\Programme\Save\ACM.dll.vir
C:\QooBox\Quarantine\C\Programme\Save\ffext.mod.vir
C:\QooBox\Quarantine\C\Programme\Save\SaveNowupdate.exe.vir

Registry entries detected


Give4Free Browser Plug-in more information...
Status: Deleted

Files detected
C:\PROGRAMME\GIVE4FREE PLUGIN\data
c:\programme\give4free plugin\ibho.dll
C:\PROGRAMME\GIVE4FREE PLUGIN\uninstall.exe
C:\PROGRAMME\GIVE4FREE PLUGIN

Registry entries detected


Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\.DEFAULT\SOFTWARE\WGET
HKEY_USERS\S-1-5-18\SOFTWARE\WGET


WhenU.VVSN Adware Downloader more information...
Details: WhenU.VVSN is an installer application for many WhenU products, including WhenU.Save!, WhenU.Weathercast, WhenUSearch, and WhenU.ClockSync.
Status: Deleted

Files detected
C:\Dokumente und Einstellungen\Spiele\Lokale Einstellungen\Temp\VVSNInst.exe


Trojan.HideWindow Trojan more information...
Status: Deleted

Files detected
C:\WINDOWS\system32\cmdow.exe


Backdoor.Rbot Backdoor more information...
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted

Files detected
C:\Programme\Valve\platform\steam_dev.exe


Adware.Agent.gen Adware (General) more information...
Status: Deleted

Files detected
C:\QooBox\Quarantine\C\Programme\IntelligentAdvisor\IntelligentAdvisor-2.dll.vir


Cookie: Tracking Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\dokumente und einstellungen\spiele\cookies\spiele@2o7[1].txt
c:\dokumente und einstellungen\spiele\cookies\spiele@doubleclick[1].txt


Adware.IntelligentAdvisor Browser Plug-in more information...
Details: Adware.IntelligentAdvisor is an adware program that creates a BHO (browser helper object) on the user's machine and displays pop-up advertising on the desktop. Adware.IntelligentAdvisor reportedly has been stealth installed.
Status: Deleted

Registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTELLIGENTADVISOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTELLIGENTADVISOR
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\INTELLIGENTADVISOR