Please HELP, I have no idea about this nonsense

Anonymous

Hello,

I ran Ad-Aware SE today on the basis of recommendations.
WITH SUCCESS! A huge log file was displayed (see below). But unfortunately I now have no idea at all what to do next, or how to delete all this stuff! I think I have every piece of crap you can possibly have on my PC!
CAN SOMEONE PERHAPS EXPLAIN THIS TO ME IN AN IDIOT-PROOF WAY AND HELP?
:oops: :oops: :oops: :oops: :oops: :oops: :oops:
That would be very kind! :bussi:
Thanks


Ad-Aware SE Build 1.04
Logfile Created on:Sonntag, 14. November 2004 16:21:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R18 08.11.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):13 total references
BargainBuddy(TAC index:8):22 total references
BlazeFind(TAC index:5):5 total references
Claria(TAC index:7):7 total references
ClickSpring(TAC index:6):12 total references
Dialer(TAC index:5):5 total references
DialPass(TAC index:5):4 total references
DyFuCA(TAC index:3):14 total references
EGroup Dialer(TAC index:5):1 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
H@tKeysH@@k(TAC index:5):2 total references
iSearch Toolbar(TAC index:3):7 total references
istbar.dotcomToolbar(TAC index:5):9 total references
istbar(TAC index:6):18 total references
MainPean Dialer(TAC index:5):4 total references
MRU List(TAC index:0):33 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Powerscan(TAC index:5):5 total references
SideFind(TAC index:5):15 total references
StarInstall(MainPean)(TAC index:5):7 total references
TopMoxie(TAC index:3):14 total references
Tracking Cookie(TAC index:3):29 total references
TrafficHog(TAC index:8):29 total references
Win32.TrojanDownloader.Swizzor.br(TAC index:8):1 total references
WinAD(TAC index:7):3 total references
Windows(TAC index:3):2 total references
WindUpdates(TAC index:8):1 total references
WinFavorites(TAC index:6):9 total references
VX2(TAC index:10):23 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


14.11.2004 16:21:35 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\comdlg32 opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\comdlg32 lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Michi\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 476
ThreadCreationTime : 14.11.2004 11:48:15
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 14.11.2004 11:48:17
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 14.11.2004 11:48:17
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 14.11.2004 11:48:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 604
ThreadCreationTime : 14.11.2004 11:48:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 864
ThreadCreationTime : 14.11.2004 11:48:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 14.11.2004 11:48:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 956
ThreadCreationTime : 14.11.2004 11:48:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1004
ThreadCreationTime : 14.11.2004 11:48:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1108
ThreadCreationTime : 14.11.2004 11:48:19
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1212
ThreadCreationTime : 14.11.2004 11:48:20
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avguard.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1312
ThreadCreationTime : 14.11.2004 11:48:20
BasePriority : Normal


#:13 [avwupsrv.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1324
ThreadCreationTime : 14.11.2004 11:48:20
BasePriority : Normal


#:14 [mdm.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\
ProcessID : 1408
ThreadCreationTime : 14.11.2004 11:48:20
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1440
ThreadCreationTime : 14.11.2004 11:48:20
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1788
ThreadCreationTime : 14.11.2004 11:48:21
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 328
ThreadCreationTime : 14.11.2004 11:48:43
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:18 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 468
ThreadCreationTime : 14.11.2004 11:48:44
BasePriority : Normal
FileVersion : 5.1.10
ProductVersion : 5.1.10
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:19 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 496
ThreadCreationTime : 14.11.2004 11:48:44
BasePriority : Normal
FileVersion : 3.50.31a
CompanyName : Sonic Solutions
FileDescription : Direct Access Component
LegalCopyright : Copyright © 2002 Sonic Solutions

#:20 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 520
ThreadCreationTime : 14.11.2004 11:48:45
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:21 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 14.11.2004 11:48:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:22 [msbb.exe]
FilePath : C:\temp\
ProcessID : 1060
ThreadCreationTime : 14.11.2004 11:48:45
BasePriority : Normal
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.
Warning! 180Solutions Object found in memory(C:\temp\msbb.exe)

180Solutions Object Recognized!
Type : Process
Data : msbb.exe
Category : Data Miner
Comment :
Object : C:\temp\
FileVersion : 5, 12, 0, 13
ProductVersion : 5, 12, 0, 13
ProductName : Search Assistant
CompanyName : 180solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180solutions Inc.

"C:\temp\msbb.exe"Process terminated successfully
"C:\temp\msbb.exe"Process terminated successfully

#:23 [incd.exe]
FilePath : C:\Programme\Ahead\InCD\
ProcessID : 1260
ThreadCreationTime : 14.11.2004 11:48:45
BasePriority : Normal
FileVersion : 3.39.0
ProductVersion : 3.39.0
ProductName : InCD
CompanyName : Copyright (C) ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright (C) ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:24 [avgnt.exe]
FilePath : C:\Programme\AVPersonal\
ProcessID : 1472
ThreadCreationTime : 14.11.2004 11:48:46
BasePriority : Normal


#:25 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 1784
ThreadCreationTime : 14.11.2004 11:48:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

#:26 [wzqkpick.exe]
FilePath : C:\Programme\WinZip\
ProcessID : 1928
ThreadCreationTime : 14.11.2004 11:48:48
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319g)
ProductName : WinZip
CompanyName : WinZip Computing, Inc. and H.C. Top Systems B.V.
FileDescription : WinZip
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: German

#:27 [iexplore.exe]
FilePath : c:\progra~1\intern~1\
ProcessID : 1656
ThreadCreationTime : 14.11.2004 11:48:49
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : IEXPLORE.EXE

Win32.TrojanDownloader.Swizzor.br Object Recognized!
Type : Process
Data : afefhpui.exe
Category : Malware
Comment : (CSI MATCH)
Object : c:\dokume~1\michi\lokale~1\temp\


Warning! Win32.TrojanDownloader.Swizzor.br Object found in memory(c:\dokume~1\michi\lokale~1\temp\afefhpui.exe)

"c:\dokume~1\michi\lokale~1\temp\afefhpui.exe"Process terminated successfully
"c:\progra~1\intern~1\iexplore.exe"Process terminated successfully

#:28 [kernel.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 440
ThreadCreationTime : 14.11.2004 14:49:51
BasePriority : Normal
FileVersion : 1.38.0.1
ProductVersion : xx.xx.xx.xxxx
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online StartCenter 5.0
InternalName : T-Online Software
LegalCopyright : Copyright 2001
OriginalFilename : kernel.exe

#:29 [sc_watch.exe]
FilePath : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
ProcessID : 1160
ThreadCreationTime : 14.11.2004 14:49:52
BasePriority : Normal


#:30 [profil~1.exe]
FilePath : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\
ProcessID : 1684
ThreadCreationTime : 14.11.2004 14:49:55
BasePriority : Normal
FileVersion : 1.34.00.0002
ProductVersion : 5.00.00.0000
ProductName : T-Online Basissoftware
CompanyName : T-Online
FileDescription : T-Online Profilverwaltung
InternalName : Profilemgr
LegalCopyright : Copyright 2001
OriginalFilename : profilemgr.exe

#:31 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2148
ThreadCreationTime : 14.11.2004 15:20:45
BasePriority : Normal
FileVersion : 6.2.0.200
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\msbb

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\180solutions

180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\180solutions

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher.1

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : apuc.urlcatcher

BargainBuddy Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

BlazeFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mediaticketsinstaller.mediaticketsinstallerctrl.1

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{81eb72d7-3949-450f-b035-de599959814f}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\clickspring

ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egauth.egegauth.1

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : egauth.egegauth

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0594af7e-573b-40df-8165-e47ab2eaefe8}

DialPass Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0e594d22-ace6-43a2-bcda-bb7c65d3fe8c}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\avenue media

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\dyfuca

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : DyFuCA
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data : Internet Optimizer
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media\internet optimizer

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

EGroup Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\egdhtml

iSearch Toolbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\isearch\isearch toolbar

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer.2

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istactivex.installer

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\pugi.pugiobj.1

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\pugi.pugiobj

istbar.dotcomToolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pugi.pugiobj

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : pugi.pugiobj.1

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0985c112-2562-46f2-8da6-92648ba4630f}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\ist

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\istbar

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istbaristbar

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc

MainPean Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\intexusdial

SideFind Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : browserhelperobject.bahelper.1

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sidefind.finder.1

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\sidefind

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sidefind

SideFind Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sidefind

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : activexdownload.activexdownloadctrl.1

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d037f883-92c3-4f89-a302-c01127cf3c72}

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e0b795b4-fd95-4abd-a375-27962efce8cf}

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b0ce21c5-6a79-45b7-ab9c-0008e75f2dbf}

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cd6b926c-903f-46a4-9c7d-f3839f081788}

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{a30b0beb-a992-4e4b-af6e-eb9019c3e540}

StarInstall(MainPean) Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{e0b795b4-fd95-4abd-a375-27962efce8cf}

TopMoxie Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\menuext\web rebates

TopMoxie Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\untopr1150

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{086cefd5-a88d-4981-8915-d51f04360ed1}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8b224779-3b0e-4fea-8ae1-b66c20dd840f}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{99802379-7362-40e2-9d28-8a3b9af880b7}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{d9d08235-3baa-4271-a2a6-f394c6636e07}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e07b839e-eb50-487f-b102-fb62808ffca8}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{f177a37f-e8a8-47ad-a7e9-e95fed03d7ee}

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.amo

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.amo.1

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.dbi

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.dbi.1

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.iiittt

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.iiittt.1

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.momo

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.momo.1

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.ohb

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : winalot.ohb.1

WinAD Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\winad client

WindUpdates Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bridge.brdg.1

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : jao.jao.1

WinFavorites Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : localnrddll.localnrddllobj.1

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}

180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "partner_id"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\msbb
Value : partner_id

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BullsEye Network"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : BullsEye Network

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerID"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerID

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "UtilFolder"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : UtilFolder

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "PartnerName"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : PartnerName

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "FirstHit"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : FirstHit

BargainBuddy Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "BuildNumber"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\exactutil
Value : BuildNumber

DyFuCA Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Internet Optimizer"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Internet Optimizer

istbar.dotcomToolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\ist
Value : account_id

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{5F1ABCDB-A875-46c1-8345-B72A4567E486}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {5F1ABCDB-A875-46c1-8345-B72A4567E486}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\powerscan
Value : account_id

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LoadNum"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\powerscan
Value : LoadNum

Powerscan Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "account_id"
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\\software\powerscan
Value : account_id

TopMoxie Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "WebRebates0"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : WebRebates0

WinAD Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "Winad Client"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : Winad Client

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "LNI0d1OfSInst"
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\localnrd
Value : LNI0d1OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "conscorr"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : conscorr

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Possible unwanted enabling of browser button restriction ability
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\policies\explorer

Value : SpecifyDefaultButtons
Data :

Windows Object Recognized!
Type : RegData
Data :
Category : Vulnerability
Comment : Possible unwanted block of search button
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\policies\explorer

Value : Btn_Search
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 132
Objects found so far: 167


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

TrafficHog Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : ({8B224779-3B0E-4FEA-8AE1-B66C20DD840F})
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Toolbar
Value : {8B224779-3B0E-4FEA-8AE1-B66C20DD840F}

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/System32/eglivecam_1028.dll

Dialer Object Recognized!
Type : File
Data : /windows/system32/eglivecam_1028.dll
Category : Dialer
Comment :
Object : c:\



TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey
 
Somehow your box seems to be pretty badly infested with pests. Even though we live in the same village (on the S4), I can hardly help you here, at least - you should give your PC a thorough cleanup (or have it done).
 
Good heavens, what a miracle that the computer still finds time to occasionally carry out the tasks it was meant for.
With such a well-stocked malware biotope, there is probably hardly any CPU time left for Anything Useful™.

Boot the computer in safe mode and run Spybot over it. Let it fix everything it sees.
You can't really break anything with Spybot. (*)

Regards,
L.

(*) At least you can't make it any more broken than it already is.
 
That's exactly what I think too.
It somehow reminds me of an acquaintance's computer that I was working on yesterday. Run Spybot, Adaware and HJT over it and let each one clean up. And if the computer no longer runs afterwards, then, quite honestly, that system is no great loss. Perhaps a good time for a completely fresh start, both for the computer and for your own attitude to online security. Give some thought to which browsers you use and their security settings, to virus scanners, firewalls and... and... and...

To give you some courage: my acquaintance's computer is still running...

However, I am not sure whether one or another nasty is still up to mischief on it, because I consider a 100% hit rate unlikely even when several malware removers are used. And the computer seems to have been travelling through contaminated territory for quite a while, unvaccinated and with a driver who did not know the area...
I would have felt better with a format c:...
 
"Nice": even though the Ad-Aware SE log looks "terrible" at first, it is not quite that bad after all.

First of all, back up the following files, e.g. to a floppy disk:

Everything under C.\software\intexusdial
activexdownload.activexdownloadctrl.1
C:/WINDOWS/System32/eglivecam_1028.dll

Please have Ad-Aware SE (by the way, Build 1.05 is out by now) remove everything (tick the checkboxes and only then continue).

Then download HiJackThis, create a log with it and post it here as an attachment.
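
The record layout of the Ad-Aware log lends itself to a short parser. The following is an added example, not part of the original post and not Ad-Aware's own code: it splits the log into records, collapses repeats such as the Powerscan value that is listed twice, pulls out the values registered under Run keys, and reports records that were cut off. The sample is abridged from the log above and the function names are this example's own.

```python
import re

# Constructed sample: four records abridged from the log above (most empty Data
# and Comment lines left out), with the Powerscan duplicate and the cut-off record.
SAMPLE_LOG = r"""
istbar Object Recognized!
Type : RegValue
Category : Malware
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service

Powerscan Object Recognized!
Type : RegValue
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\software\powerscan
Value : account_id

Powerscan Object Recognized!
Type : RegValue
Rootkey : HKEY_USERS
Object : S-1-5-21-226628700-589480575-651076666-1006\\software\powerscan
Value : account_id

TrafficHog Object Recognized!
Type : Regkey
Data :
Category : Malware
Rootkey
"""

HEADER = re.compile(r"^(.+?) Object Recognized!$")
FIELD = re.compile(r"^(Type|Data|Category|Comment|Rootkey|Object|Value)\s*:\s*(.*)$")
AUTOSTART = re.compile(r"\\currentversion\\run(once|services)?$", re.IGNORECASE)

def parse_records(text):
    """Split the log into one dict per 'Object Recognized!' record."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            records.append({"Family": header.group(1)})
        elif field and records and not records[-1].get(field.group(1)):
            # RegData records repeat "Data"; the first non-empty value wins.
            records[-1][field.group(1)] = field.group(2)
    return records

def unique_records(records):
    """Drop repeats that differ only in letter case or doubled backslashes."""
    seen = {}
    for rec in records:
        key = tuple(re.sub(r"\\+", r"\\", rec.get(f, "")).lower()
                    for f in ("Family", "Type", "Rootkey", "Object", "Value"))
        seen.setdefault(key, rec)
    return list(seen.values())

def autostart_values(records):
    """(family, value name) pairs registered under a Run-type key."""
    return [(r["Family"], r["Value"]) for r in records
            if r.get("Type") == "RegValue" and AUTOSTART.search(r.get("Object", ""))]

def truncated(records):
    """Families of records that were cut off before their Object line."""
    return [r["Family"] for r in records if "Object" not in r]
```

Run over the full log, `autostart_values` shows which findings start with Windows, and `truncated` shows where the posted log breaks off.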
 
Thank you very much for your motivating answers.
I know myself that I'm a computer dimwit.
Isn't there anyone who fixes up a PC for you and sets everything up so that this whole zoo of files no longer gets onto the PC?
I'll never get rid of this junk!!!!!!!!!!!!! :cry:
Oh, and unfortunately I can't find the files I'm supposed to back up on this stupid box. Did I perhaps delete them with Ad-Aware (I ticked nearly every box in the log for deletion! :lol: )
I'm going to download HiJackThis right now!
Many thanks! I'll be back in a moment!
 
Unfortunately, that does not look good at all:

O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe

An SDBot infection. See e.g. here

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

An Rbot infection. See e.g. here


O4 - HKLM\..\Run: [cejxaea] C:\WINDOWS\System32\jpqizmjx.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\Michi\Anwendungsdaten\lrrp.exe

At least these two are further malware.

Since your system is infested with two trojans that could have replaced arbitrary files on your system, in my opinion the only option is to completely rebuild the system.
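
A first-pass triage of the O4 autostart lines quoted above, as an added example that is not part of the original post and not the poster's method (the post identifies the bots by their known file names). The three flags are assumed review heuristics, and the function names are this example's own.

```python
import re
from collections import defaultdict

# The O4 lines quoted in the post above, embedded as sample input.
O4_LINES = r"""
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\Run: [cejxaea] C:\WINDOWS\System32\jpqizmjx.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\Michi\Anwendungsdaten\lrrp.exe
"""

# hive, autostart key, value name in brackets, command
O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

# Assumption: per-user data directory names on German and English Windows XP.
USER_DIRS = ("\\anwendungsdaten\\", "\\application data\\")


def parse_o4(text):
    """Return {command: [(hive, key, value name), ...]} for every O4 line."""
    entries = defaultdict(list)
    for line in text.splitlines():
        match = O4.match(line.strip())
        if match:
            hive, key, name, command = match.groups()
            entries[command].append((hive, key, name))
    return dict(entries)


def triage(entries):
    """Attach review flags to each autostart command (assumed heuristics)."""
    report = {}
    for command, places in entries.items():
        flags = []
        if "\\" not in command:
            flags.append("no-path")       # entry does not say where the file lives
        if len(places) > 1:
            flags.append("multi-key")     # same command in several autostart keys
        if any(d in command.lower() for d in USER_DIRS):
            flags.append("user-profile")  # runs from a user-writable data directory
        report[command] = flags
    return report
```

An empty flag list is not a clean bill of health: the `jpqizmjx.exe` entry, which the post names as malware, trips none of these three checks.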
 
Hello MyriK!

Everything that was said above is correct, and you should really think about a rebuild (especially because of the trojan findings): your system is heavily compromised/infested.

What else strikes me is that so far you have apparently "only" scanned with Ad-aware. The program is great and I have had it for years. But it largely fails at finding viruses and trojans (with a few exceptions).

For fighting viruses and trojans there are, as is well known, AV programs. I gather from your HijackThis log file that you use AntiVir®
Personal Edition from H+BEDV Datentechnik GmbH.
That is OK, "good average" and above all free!

But there may be more to find. Use 1 or 2 free online virus scanners as a second opinion. Here is a link with 13 free AV scanners: http:// malware.bul-online.de/av_onlinescan.php.

Kaspersky is very good, but unfortunately its online scan is limited to 1 MB, so you can't scan a whole PC with it.
RAV, TrendMicro or F-Secure, for example, are also very good. These can also remove things to a limited extent (depending on the virus) and may find more than AntiVir.
Just try it, it's all free. But in the end your system is heavily compromised/infested and a rebuild is the safest option.
Good luck

Link deactivated because it leads into nirvana. The nirvana is nicely done, though ;) BT/MOD
 
Hello BenTigger & colleagues!

Thanks for correcting the link; now it is exactly right and leads to those 13 online scanners.

PS: tonight I'll spend 1 hour practising how to set links correctly :)
 