|
Pests of all kinds and how to fight them: Smitfraud-c. Toolbar 888 cannot be removed |
30.03.2007, 18:54 | #1 |
| Smitfraud-c. Toolbar 888 cannot be removed

Hello. I have Smitfraud-c. Toolbar 888 on my PC. I have already run Spybot, AVG Anti-Spyware and Ad-Aware over it; at first they all still found something, now only Spybot finds it. I have already tried 2 methods from the forum to get rid of it, but Spybot still shows it to me in HKEY_LOCAL... etc. I have already deleted the folders by hand.. but that does no good because they keep coming back.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:28:39, on 30.03.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft SQL Server\MSSQL$MESONIC\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Dokumente und Einstellungen\Admin\Desktop\hijackthis\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\Alwil Software\Avast4\setup\avast.setup
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\yjvdijvr.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130353014608
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130353509530
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp10.photoprintit.de/microsite/6391/defaults/activex/ImageUploader3.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs:
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Log file from smitRem:

smitRem © log file
version 3.2
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"

Running from
C:\Dokumente und Einstellungen\Admin\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!

dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4

[Windows]
"AppInit_DLLs"=" "
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XP Firewall allowed access

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!

checking for PSGuard.com key
PSGuard.com key not present!

checking for WinHound.com key
WinHound.com key not present!

checking for drsmartload2 key
drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1912 'explorer.exe'
Killing PID 1912 'explorer.exe'

Starting registry repairs
Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~
CLEAN!

I'm honestly getting desperate by now.. I just can't get rid of this thing. Maybe you can help me, since I'm not really an expert with PCs.

Regards,
Sonja (wkey0) |
30.03.2007, 19:06 | #2 |
| Smitfraud-c. Toolbar 888 cannot be removed

Log file: (only partial.. the whole thing is too big)

Ad-Aware:

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.BHO(generic)(TAC index:3):2 total references
Alexa(TAC index:5):2 total references
AltnetBDE(TAC index:4):10 total references
BrilliantDigital(TAC index:6):2 total references
MRU List(TAC index:0):38 total references
RXToolbar(TAC index:6):17 total references
Tracking Cookie(TAC index:3):23 total references
Win32.Spyware.Acoona(TAC index:7):3 total references
Win32.Trojan.Agent(T

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:22 [wdfmgr.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 552 ThreadCreationTime : 30.03.2007 11:17:13 BasePriority : Normal FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr OriginalFilename : WdfMgr.exe
#:23 [ashwebsv.exe] FilePath : C:\Programme\Alwil Software\Avast4\ ProcessID : 1336 ThreadCreationTime : 30.03.2007 11:17:25 BasePriority : Normal
#:24 [ashmaisv.exe] FilePath : C:\Programme\Alwil Software\Avast4\ ProcessID : 1448 ThreadCreationTime : 30.03.2007 11:17:25 BasePriority : Normal
#:26 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 2212 ThreadCreationTime : 30.03.2007 11:17:53 BasePriority : Normal ProductName : Betriebssystem Microsoft® Windows®

Win32.Trojan.Agent Object Recognized! Type : Process Data : yjvdijvr.dll TAC Rating : 10 Category : Malware Comment : 1617-fcywvs.dll.dmp Object : C:\WINDOWS\System32\
Warning! Win32.Trojan.Agent Object found in memory(C:\WINDOWS\System32\yjvdijvr.dll)

Adware.BHO(generic) Object Recognized! Type : Process Data : xcabapwx.dll TAC Rating : 3 Category : Adware Comment : ebmkkjfe.dll.dmp Object : C:\WINDOWS\System32\
Warning! Adware.BHO(generic) Object found in memory(C:\WINDOWS\System32\xcabapwx.dll)

Adware.BHO(generic) Object Recognized! Type : Process Data : xcabapwx.dll TAC Rating : 3 Category : Adware Comment : ebmkkjfe.dll.dmp Object : C:\WINDOWS\System32\
Warning! Adware.BHO(generic) Object found in memory(C:\WINDOWS\System32\xcabapwx.dll)

#:39 [msiexec.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1820 ThreadCreationTime : 30.03.2007 11:55:01 BasePriority : Normal
#:40 [msiexec.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 3952 ThreadCreationTime : 30.03.2007 11:55:01 BasePriority : Normal

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\{4672ff87-ef31-4e10-9dbf-1fb28571a188}
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{55b61359-4db0-4ff4-934e-3b8c0fc707f8}
RXToolbar Object Recognized! Type : RegValue Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{55b61359-4db0-4ff4-934e-3b8c0fc707f8} Value : AppID
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{8c13987f-041e-4ebe-8784-e6bb9d02e656}
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{ac368f5f-6670-4dde-a1a8-b9c064ea0402}
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{05563f82-69a7-40a6-8670-153b635a7ef6}
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{7f46b8e6-254d-46b4-999f-b37b5be7a9f5}
Win32.Spyware.Acoona Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Spyware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c}
Win32.Spyware.Acoona Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Spyware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}
AltnetBDE Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}
AltnetBDE Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}
AltnetBDE Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}
AltnetBDE Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8} Value : AppID
AltnetBDE Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}
AltnetBDE Object Recognized! Type : RegValue Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d} Value : AppID
AltnetBDE Object Recognized! Type : Regkey Data : TAC Rating : 4 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}
BrilliantDigital Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{29e825aa-13bc-457c-806a-d72e4a25b3c5}
BrilliantDigital Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\classes\interface\{e79dadc6-18d0-4a2a-831f-d196d41f8438}
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 62

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@revsci[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:admin@revsci.net/ Expires : 25.03.2027 13:41:10 LastSync : Hits:3 UseCount : 0 Hits : 3
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@advertising[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:admin@advertising.com/ Expires : 28.03.2012 13:42:16 LastSync : Hits:3 UseCount : 0 Hits : 3
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@adbrite[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:admin@adbrite.com/ Expires : 25.03.2008 14:54:38 LastSync : Hits:7 UseCount : 0 Hits : 7
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:admin@doubleclick.net/ Expires : 29.03.2010 13:41:24 LastSync : Hits:3 UseCount : 0 Hits : 3
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@kontera[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:admin@kontera.com/ Expires : 25.03.2008 14:55:02 LastSync : Hits:2 UseCount : 0 Hits : 2
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@reduxads.valuead[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:admin@reduxads.valuead.com/ Expires : 01.01.2021 02:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@ehg-idg.hitbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:admin@ehg-idg.hitbox.com/ Expires : 29.03.2008 13:42:28 LastSync : Hits:3 UseCount : 0 Hits : 3
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@indextools[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:admin@indextools.com/ Expires : 27.03.2008 19:07:26 LastSync : Hits:4 UseCount : 0 Hits : 4
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@www.etracker[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@www.etracker.de/ Expires : 22.06.2007 13:53:50 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@ivwbox[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@ivwbox.de/ Expires : 29.03.2008 13:39:36 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@sevenoneintermedia.112.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@sevenoneintermedia.112.2o7.net/ Expires : 11.03.2012 20:05:38 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@fastclick.net/ Expires : 29.03.2009 13:39:52 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:admin@2o7.net/ Expires : 28.03.2012 13:39:46 LastSync : Hits:2 UseCount : 0 Hits : 2
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@partners.webmasterplan[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:admin@partners.webmasterplan.com/ Expires : 28.03.2017 LastSync : Hits:4 UseCount : 0 Hits : 4
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@as1.falkag[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:admin@as1.falkag.de/ Expires : 28.04.2007 11:38:06 LastSync : Hits:5 UseCount : 0 Hits : 5
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@incredimailltd.112.2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@incredimailltd.112.2o7.net/ Expires : 26.03.2012 18:04:44 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@bfast[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:admin@bfast.com/ Expires : 30.03.2027 13:47:20 LastSync : Hits:2 UseCount : 0 Hits : 2
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:admin@realmedia.com/ Expires : 01.01.2021 02:00:00 LastSync : Hits:2 UseCount : 0 Hits : 2
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@rambler[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:admin@rambler.ru/ Expires : 01.01.2009 02:00:00 LastSync : Hits:7 UseCount : 0 Hits : 7
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@adtech[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:admin@adtech.de/ Expires : 27.03.2017 13:50:36 LastSync : Hits:2 UseCount : 0 Hits : 2
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@adserver.71i[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:admin@adserver.71i.de/ Expires : 30.12.2037 18:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@hitbox[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:admin@hitbox.com/ Expires : 29.03.2008 13:42:28 LastSync : Hits:7 UseCount : 0 Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 22
Objects found so far: 84

Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AltnetBDE Object Recognized! Type : File Data : 873101.tmp TAC Rating : 4 Category : Data Miner Comment : Object : C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\
Tracking Cookie Object Recognized! Type : IECache Entry Data : admin@~~local~~[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\Cookies\admin@~~local~~[1].txt

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 86

Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 86

Deep scanning and examining files (E
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 86

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 86

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : rxresult.rxresultfilter.1
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : appid\semanticinsight.exe
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : rxresult.rxresultfilter
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : rxresult.rxresulttracker
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : rxresult.rxresulttracker.1
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : semanticinsight.si4cs
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : semanticinsight.si4cs.1
RXToolbar Object Recognized! Type : Regkey Data : TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\semanticinsight
RXToolbar Object Recognized! Type : RegData Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647} TAC Rating : 6 Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : protocols\filter\text/html Value : CLSID Data : {2AB289AE-4B90-4281-B2AE-1F4BB034B647}
Win32.Spyware.Acoona Object Recognized! Type : Regkey Data : TAC Rating : 7 Category : Spyware Comment : Rootkey : HKEY_CLASSES_ROOT Object : asearchassist.adefaultsearch
AltnetBDE Object Recognized! Type : Folder TAC Rating : 4 Category : Data Miner Comment : AltnetBDE Object : C:\DOKUME~1\Admin\LOKALE~1\Temp\ADMCache
AltnetBDE Object Recognized! Type : File Data : adm23.tmp TAC Rating : 4 Category : Data Miner Comment : Object : C:\DOKUME~1\Admin\LOKALE~1\Temp\admcache\

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 98

Regards,
wkey0 |