# PLEASE HELP, I have no clue about this nonsense



## Anonymous (14 November 2004)

Hello,

Following recommendations, I ran AD-Aware SE today.
SUCCESSFULLY! A huge log file was displayed (see below). But unfortunately I now have no idea what to do next, or how to delete all this stuff! I think I have every piece of crap you can possibly have on my PC!
CAN SOMEONE MAYBE EXPLAIN THIS TO ME IN A FOOLPROOF WAY AND HELP?

That would be very kind! :bussi:
Thanks


Ad-Aware SE Build 1.04
Logfile Created on:Sonntag, 14. November 2004 16:21:35
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R18 08.11.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):13 total references
BargainBuddy(TAC index:8):22 total references
BlazeFind(TAC index:5):5 total references
Claria(TAC index:7):7 total references
ClickSpring(TAC index:6):12 total references
Dialer(TAC index:5):5 total references
DialPass(TAC index:5):4 total references
DyFuCA(TAC index:3):14 total references
EGroup Dialer(TAC index:5):1 total references
Elitum.ElitebarBHO(TAC index:5):2 total references
[email protected]@@k(TAC index:5):2 total references
iSearch Toolbar(TAC index:3):7 total references
istbar.dotcomToolbar(TAC index:5):9 total references
istbar(TAC index:6):18 total references
MainPean Dialer(TAC index:5):4 total references
MRU List(TAC index:0):33 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Powerscan(TAC index:5):5 total references
SideFind(TAC index:5):15 total references
StarInstall(MainPean)(TAC index:5):7 total references
TopMoxie(TAC index:3):14 total references
Tracking Cookie(TAC index:3):29 total references
TrafficHog(TAC index:8):29 total references
Win32.TrojanDownloader.Swizzor.br(TAC index:8):1 total references
WinAD(TAC index:7):3 total references
Windows(TAC index:3):2 total references
WindUpdates(TAC index:8):1 total references
WinFavorites(TAC index:6):9 total references
VX2(TAC index:10):23 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


14.11.2004 16:21:35 - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\nico mak computing\winzip\filemenu
    Description        : winzip recently used archives


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list
    Description        : list of recent files opened using wordpad


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\paint\recent file list
    Description        : list of files recently opened using microsoft paint


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\runmru
    Description        : mru list for items opened in start | run


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\comdlg32 opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\comdlg32 lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\player\recentfilelist
    Description        : list of recently used files in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\main
    Description        : last save directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
    Description        : list of recently used files in adobe reader


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\player\settings
    Description        : last open directory used in jasc paint shop pro


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
    Description        : last playlist index loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\applets\regedit
    Description        : last key accessed using the microsoft registry editor


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\office\11.0\common\general
    Description        : list of recently used symbols in microsoft office


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\preferences
    Description        : last search path used in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\mediaplayer\medialibraryui
    Description        : last selected node in the microsoft windows media player media library


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk 


 MRU List Object Recognized!
    Location:          : C:\Dokumente und Einstellungen\Michi\recent
    Description        : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 476
    ThreadCreationTime : 14.11.2004 11:48:15
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 524
    ThreadCreationTime : 14.11.2004 11:48:17
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 548
    ThreadCreationTime : 14.11.2004 11:48:17
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 592
    ThreadCreationTime : 14.11.2004 11:48:17
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Anwendung für Dienste und Controller
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 604
    ThreadCreationTime : 14.11.2004 11:48:17
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 864
    ThreadCreationTime : 14.11.2004 11:48:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 920
    ThreadCreationTime : 14.11.2004 11:48:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 956
    ThreadCreationTime : 14.11.2004 11:48:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1004
    ThreadCreationTime : 14.11.2004 11:48:18
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1108
    ThreadCreationTime : 14.11.2004 11:48:19
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1212
    ThreadCreationTime : 14.11.2004 11:48:20
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:12 [avguard.exe]
    FilePath           : C:\Programme\AVPersonal\
    ProcessID          : 1312
    ThreadCreationTime : 14.11.2004 11:48:20
    BasePriority       : Normal


#:13 [avwupsrv.exe]
    FilePath           : C:\Programme\AVPersonal\
    ProcessID          : 1324
    ThreadCreationTime : 14.11.2004 11:48:20
    BasePriority       : Normal


#:14 [mdm.exe]
    FilePath           : C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\
    ProcessID          : 1408
    ThreadCreationTime : 14.11.2004 11:48:20
    BasePriority       : Normal
    FileVersion        : 7.00.9466
    ProductVersion     : 7.00.9466
    ProductName        : Microsoft® Visual Studio .NET
    CompanyName        : Microsoft Corporation
    FileDescription    : Machine Debug Manager
    InternalName       : mdm.exe
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : mdm.exe

#:15 [nvsvc32.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1440
    ThreadCreationTime : 14.11.2004 11:48:20
    BasePriority       : Normal
    FileVersion        : 6.14.10.6177
    ProductVersion     : 6.14.10.6177
    ProductName        : NVIDIA Driver Helper Service, Version 61.77
    CompanyName        : NVIDIA Corporation
    FileDescription    : NVIDIA Driver Helper Service, Version 61.77
    InternalName       : NVSVC
    LegalCopyright     : (C) NVIDIA Corporation. All rights reserved.
    OriginalFilename   : nvsvc32.exe

#:16 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1788
    ThreadCreationTime : 14.11.2004 11:48:21
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:17 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 328
    ThreadCreationTime : 14.11.2004 11:48:43
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : EXPLORER.EXE

#:18 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 468
    ThreadCreationTime : 14.11.2004 11:48:44
    BasePriority       : Normal
    FileVersion        : 5.1.10
    ProductVersion     : 5.1.10
    ProductName        : Realtek Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek AC97 Audio Sound Manager

#:19 [tfswctrl.exe]
    FilePath           : C:\WINDOWS\system32\dla\
    ProcessID          : 496
    ThreadCreationTime : 14.11.2004 11:48:44
    BasePriority       : Normal
    FileVersion        : 3.50.31a
    CompanyName        : Sonic Solutions
    FileDescription    : Direct Access Component
    LegalCopyright     : Copyright © 2002 Sonic Solutions

#:20 [qttask.exe]
    FilePath           : C:\Programme\QuickTime\
    ProcessID          : 520
    ThreadCreationTime : 14.11.2004 11:48:45
    BasePriority       : Normal
    FileVersion        : 6.4
    ProductVersion     : QuickTime 6.4
    ProductName        : QuickTime
    CompanyName        : Apple Computer, Inc.
    InternalName       : QuickTime Task
    LegalCopyright     : © Apple Computer, Inc. 2001-2003
    OriginalFilename   : QTTask.exe

#:21 [rundll32.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1016
    ThreadCreationTime : 14.11.2004 11:48:45
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Eine DLL-Datei als Anwendung ausführen
    InternalName       : rundll
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : RUNDLL.EXE

#:22 [msbb.exe]
    FilePath           : C:\temp\
    ProcessID          : 1060
    ThreadCreationTime : 14.11.2004 11:48:45
    BasePriority       : Normal
    FileVersion        : 5, 12, 0, 13
    ProductVersion     : 5, 12, 0, 13
    ProductName        : Search Assistant
    CompanyName        : 180solutions, Inc.
    FileDescription    : Search Assistant
    LegalCopyright     : Copyright © 2004, 180solutions Inc.
Warning! 180Solutions Object found in memory(C:\temp\msbb.exe)

 180Solutions Object Recognized!
    Type               : Process
    Data               : msbb.exe
    Category           : Data Miner
    Comment            : 
    Object             : C:\temp\
    FileVersion        : 5, 12, 0, 13
    ProductVersion     : 5, 12, 0, 13
    ProductName        : Search Assistant
    CompanyName        : 180solutions, Inc.
    FileDescription    : Search Assistant
    LegalCopyright     : Copyright © 2004, 180solutions Inc.

"C:\temp\msbb.exe"Process terminated successfully
"C:\temp\msbb.exe"Process terminated successfully

#:23 [incd.exe]
    FilePath           : C:\Programme\Ahead\InCD\
    ProcessID          : 1260
    ThreadCreationTime : 14.11.2004 11:48:45
    BasePriority       : Normal
    FileVersion        : 3.39.0
    ProductVersion     : 3.39.0
    ProductName        : InCD
    CompanyName        : Copyright (C) ahead software gmbh and its licensors
    FileDescription    : InCD CD-RW UDF Tools
    InternalName       : InCD
    LegalCopyright     : Copyright (C) ahead software gmbh and its licensors
    OriginalFilename   : InCD.EXE
    Comments           : CD-RW UDF Tools

#:24 [avgnt.exe]
    FilePath           : C:\Programme\AVPersonal\
    ProcessID          : 1472
    ThreadCreationTime : 14.11.2004 11:48:46
    BasePriority       : Normal


#:25 [iexplore.exe]
    FilePath           : C:\Programme\Internet Explorer\
    ProcessID          : 1784
    ThreadCreationTime : 14.11.2004 11:48:47
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName       : iexplore
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : IEXPLORE.EXE

#:26 [wzqkpick.exe]
    FilePath           : C:\Programme\WinZip\
    ProcessID          : 1928
    ThreadCreationTime : 14.11.2004 11:48:48
    BasePriority       : Normal
    FileVersion        : 1.0 (32-bit)
    ProductVersion     : 8.1  (4319g)
    ProductName        : WinZip
    CompanyName        : WinZip Computing, Inc. and H.C. Top Systems B.V.
    FileDescription    : WinZip
    InternalName       : WZQKPICK.EXE
    LegalCopyright     : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
    LegalTrademarks    : WinZip is a registered trademark of WinZip Computing, Inc
    OriginalFilename   : WZQKPICK.EXE
    Comments           : StringFileInfo: German

#:27 [iexplore.exe]
    FilePath           : c:\progra~1\intern~1\
    ProcessID          : 1656
    ThreadCreationTime : 14.11.2004 11:48:49
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Betriebssystem Microsoft® Windows®
    CompanyName        : Microsoft Corporation
    FileDescription    : Internet Explorer
    InternalName       : iexplore
    LegalCopyright     : © Microsoft Corporation. Alle Rechte vorbehalten.
    OriginalFilename   : IEXPLORE.EXE

 Win32.TrojanDownloader.Swizzor.br Object Recognized!
    Type               : Process
    Data               : afefhpui.exe
    Category           : Malware
    Comment            : (CSI MATCH)
    Object             : c:\dokume~1\michi\lokale~1\temp\


Warning! Win32.TrojanDownloader.Swizzor.br Object found in memory(c:\dokume~1\michi\lokale~1\temp\afefhpui.exe)

"c:\dokume~1\michi\lokale~1\temp\afefhpui.exe"Process terminated successfully
"c:\progra~1\intern~1\iexplore.exe"Process terminated successfully

#:28 [kernel.exe]
    FilePath           : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
    ProcessID          : 440
    ThreadCreationTime : 14.11.2004 14:49:51
    BasePriority       : Normal
    FileVersion        : 1.38.0.1     
    ProductVersion     : xx.xx.xx.xxxx
    ProductName        : T-Online Basissoftware
    CompanyName        : T-Online
    FileDescription    : T-Online StartCenter 5.0
    InternalName       : T-Online Software
    LegalCopyright     : Copyright 2001
    OriginalFilename   : kernel.exe

#:29 [sc_watch.exe]
    FilePath           : C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\
    ProcessID          : 1160
    ThreadCreationTime : 14.11.2004 14:49:52
    BasePriority       : Normal


#:30 [profil~1.exe]
    FilePath           : C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\
    ProcessID          : 1684
    ThreadCreationTime : 14.11.2004 14:49:55
    BasePriority       : Normal
    FileVersion        : 1.34.00.0002 
    ProductVersion     : 5.00.00.0000 
    ProductName        : T-Online Basissoftware
    CompanyName        : T-Online
    FileDescription    : T-Online Profilverwaltung
    InternalName       : Profilemgr
    LegalCopyright     : Copyright 2001
    OriginalFilename   : profilemgr.exe

#:31 [ad-aware.exe]
    FilePath           : C:\Programme\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 2148
    ThreadCreationTime : 14.11.2004 15:20:45
    BasePriority       : Normal
    FileVersion        : 6.2.0.200
    ProductVersion     : VI.Second Edition
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 180Solutions Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\msbb

 180Solutions Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\180solutions

 180Solutions Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\180solutions

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : apuc.urlcatcher.1

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : apuc.urlcatcher

 BargainBuddy Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}

 BlazeFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{83de62e0-5805-11d8-9b25-00e04c60faf2}

 BlazeFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\classes\clsid\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

 BlazeFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\explorer\browser helper objects\{83de62e0-5805-11d8-9b25-00e04c60faf2}

 Claria Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

 Claria Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\gator.com

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{46605c8c-d306-4e2d-b367-9b53690cb867}\1.0

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : mediaticketsinstaller.mediaticketsinstallerctrl.1

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{3e4c3e0b-6bbe-4c94-86ca-6f055a989693}

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{9eb320ce-be1d-4304-a081-4b4665414bef}

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{81eb72d7-3949-450f-b035-de599959814f}

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{39da2444-065f-47cb-b27c-ccb1a39c06b7}

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\clickspring

 ClickSpring Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\code store database\distribution units\{9eb320ce-be1d-4304-a081-4b4665414bef}

 DialPass Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : egauth.egegauth.1

 DialPass Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : egauth.egegauth

 DialPass Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{0594af7e-573b-40df-8165-e47ab2eaefe8}

 DialPass Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{0e594d22-ace6-43a2-bcda-bb7c65d3fe8c}

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\avenue media

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\dyfuca

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : DyFuCA
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : .DEFAULT\software\microsoft\windows\currentversion\uninstall\DyFuCA

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : DyFuCA
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-18\software\microsoft\windows\currentversion\uninstall\DyFuCA

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : DyFuCA
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-19\software\microsoft\windows\currentversion\uninstall\DyFuCA

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : DyFuCA
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-20\software\microsoft\windows\currentversion\uninstall\DyFuCA

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : Internet Optimizer
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : .DEFAULT\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : Internet Optimizer
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-18\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : Internet Optimizer
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-19\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : Internet Optimizer
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-20\software\microsoft\windows\currentversion\uninstall\Internet Optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : Internet Optimizer
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\Internet Optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\avenue media\internet optimizer

 DyFuCA Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\avenue media

 EGroup Dialer Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\egdhtml

 iSearch Toolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\isearch\isearch toolbar

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : istactivex.installer.2

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : istactivex.installer

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\classes\pugi.pugiobj.1

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\classes\pugi.pugiobj

 istbar.dotcomToolbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : pugi.pugiobj

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : pugi.pugiobj.1

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{0985c112-2562-46f2-8da6-92648ba4630f}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\ist

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\istbar

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\istsvc

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\code store database\distribution units\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\istbaristbar

 istbar Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\istsvc

 MainPean Dialer Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\intexusdial

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : browserhelperobject.bahelper

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : browserhelperobject.bahelper.1

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : sidefind.finder

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : sidefind.finder.1

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{d0288a41-9855-4a9b-8316-babe243648da}

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\sidefind

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\sidefind

 SideFind Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\sidefind

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : activexdownload.activexdownloadctrl.1

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{d037f883-92c3-4f89-a302-c01127cf3c72}

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{e0b795b4-fd95-4abd-a375-27962efce8cf}

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{b0ce21c5-6a79-45b7-ab9c-0008e75f2dbf}

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{cd6b926c-903f-46a4-9c7d-f3839f081788}

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{a30b0beb-a992-4e4b-af6e-eb9019c3e540}

 StarInstall(MainPean) Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\code store database\distribution units\{e0b795b4-fd95-4abd-a375-27962efce8cf}

 TopMoxie Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\internet explorer\menuext\web rebates

 TopMoxie Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\untopr1150

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{086cefd5-a88d-4981-8915-d51f04360ed1}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{8b224779-3b0e-4fea-8ae1-b66c20dd840f}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{99802379-7362-40e2-9d28-8a3b9af880b7}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{d9d08235-3baa-4271-a2a6-f394c6636e07}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{e07b839e-eb50-487f-b102-fb62808ffca8}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{f177a37f-e8a8-47ad-a7e9-e95fed03d7ee}

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.amo

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.amo.1

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.dbi

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.dbi.1

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.iiittt

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.iiittt.1

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.momo

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.momo.1

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.ohb

 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : winalot.ohb.1

 WinAD Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\uninstall\winad client

 WindUpdates Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Data Miner
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\code store database\distribution units\{15ad4789-cdb4-47e1-a9da-992ee8e6bad6}

 WinFavorites Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : bridge.brdg.1

 WinFavorites Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{80bb7465-a638-43b5-9827-8e8fe38dfcc1}

 WinFavorites Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : jao.jao

 WinFavorites Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : jao.jao.1

 WinFavorites Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{c094876d-1b0e-46fa-b6a6-7ffc0f970c27}

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : typelib\{690bccb4-6b83-4203-ae77-038c116594ec}

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : vx2.vx2obj

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : localnrddll.localnrddllobj.1

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : clsid\{00320615-b6c2-40a6-8f99-f1c52d674fad}

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}

 VX2 Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\explorer\browser helper objects\{00320615-b6c2-40a6-8f99-f1c52d674fad}

 180Solutions Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Data Miner
    Comment            : "partner_id"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\msbb
    Value              : partner_id

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "BullsEye Network"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : BullsEye Network

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "PartnerID"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\exactutil
    Value              : PartnerID

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "UtilFolder"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\exactutil
    Value              : UtilFolder

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "PartnerName"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\exactutil
    Value              : PartnerName

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "FirstHit"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\exactutil
    Value              : FirstHit

 BargainBuddy Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "BuildNumber"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\exactutil
    Value              : BuildNumber

 DyFuCA Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "Internet Optimizer"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : Internet Optimizer

 istbar.dotcomToolbar Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Data Miner
    Comment            : "account_id"
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\ist
    Value              : account_id

 istbar Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "{5F1ABCDB-A875-46c1-8345-B72A4567E486}"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\toolbar
    Value              : {5F1ABCDB-A875-46c1-8345-B72A4567E486}

 istbar Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "IST Service"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : IST Service

 Powerscan Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "account_id"
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\powerscan
    Value              : account_id

 Powerscan Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "LoadNum"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\powerscan
    Value              : LoadNum

 Powerscan Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "account_id"
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\\software\powerscan
    Value              : account_id

 TopMoxie Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Data Miner
    Comment            : "WebRebates0"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : WebRebates0

 WinAD Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "Winad Client"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : Winad Client

 VX2 Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "LNI0d1OfSInst"
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\localnrd
    Value              : LNI0d1OfSInst

 VX2 Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : "conscorr"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows\currentversion\run
    Value              : conscorr

 Windows Object Recognized!
    Type               : RegData
    Data               : 
    Category           : Vulnerability
    Comment            : Possible unwanted enabling of browser button restriction ability
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\policies\explorer 
    Value              : SpecifyDefaultButtons
    Data               : 

 Windows Object Recognized!
    Type               : RegData
    Data               : 
    Category           : Vulnerability
    Comment            : Possible unwanted block of search button
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-226628700-589480575-651076666-1006\software\microsoft\windows\currentversion\policies\explorer 
    Value              : Btn_Search
    Data               : 

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 132
Objects found so far: 167


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 TrafficHog Object Recognized!
    Type               : RegValue
    Data               : 
    Category           : Malware
    Comment            : ({8B224779-3B0E-4FEA-8AE1-B66C20DD840F})
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : SOFTWARE\Microsoft\Internet Explorer\Toolbar
    Value              : {8B224779-3B0E-4FEA-8AE1-B66C20DD840F}

 Dialer Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Dialer
    Comment            : 
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/System32/eglivecam_1028.dll

 Dialer Object Recognized!
    Type               : File
    Data               : /windows/system32/eglivecam_1028.dll
    Category           : Dialer
    Comment            : 
    Object             : c:\



 TrafficHog Object Recognized!
    Type               : Regkey
    Data               : 
    Category           : Malware
    Comment            : 
    Rootkey


----------



## Myri (14 November 2004)

Oops, I accidentally posted as a guest!


----------



## Reducal (14 November 2004)

Somehow your box seems to be pretty badly infested with malware. Even though we live in the same village (on the S4), I can hardly help you here, at least - you should give your PC a thorough clean-up (or have someone do it).


----------



## Stalker2002 (14 November 2004)

Good grief, what a wonder that the machine still finds time to occasionally carry out the tasks it was meant for.
With such a well-stocked malware biotope there can hardly be any CPU time left for anything Sensible™.

Boot the machine in safe mode and run Spybot over it. It should then fix everything it sees.
You can't really break anything with Spybot. (*)

Regards
L.

(*) At least you can't break it any more than it already is.


----------



## Dino (14 November 2004)

That's exactly what I think too.
It somehow reminds me of an acquaintance's machine that I was working on yesterday. Run Spybot, Adaware and HJT over it and let each of them clean up. And should the machine no longer run afterwards, then - quite honestly - this system is no great loss. Perhaps a good time for a completely fresh start, both for the machine and for your own attitude towards online security. Give some thought to the use of certain browsers and their security settings, to virus scanners, firewalls and...and...and...

To give you some courage: my acquaintance's machine is still running...

However, I'm not sure whether one or two nasties aren't still up to mischief on it, because I consider a 100% hit rate unlikely even when several malware removers are used. And the machine seems to have been travelling for quite some time unvaccinated, with a driver who doesn't know the area, through contaminated territory...
I would have felt better with a format c: ...


----------



## Counselor (15 November 2004)

Dino wrote:

> Give some thought to the use of certain browsers and their security settings


For Internet Explorer 6, the recommended settings are the ones with which MS ships IE 6 for Windows Server 2003:
Internet Explorer Enhanced Security Configuration


----------



## Genesis (15 November 2004)

"Nice": Even if the Ad-Aware SE log looks "dreadful" at first, it's not quite that bad after all.

First of all, back up the following files, e.g. to a floppy disk:

Everything under C.\software\intexusdial 
activexdownload.activexdownloadctrl.1
C:/WINDOWS/System32/eglivecam_1028.dll 



Please let Ad-Aware SE (by the way, Build 1.05 is available by now) remove everything (tick the boxes and only then continue).

Afterwards download HiJackThis, create a log with it and post it here as an *attachment*.


----------



## Myri (20 November 2004)

Thank you very much for your motivating replies.
I know myself that I'm a computer dummy.
Isn't there anyone who can fix the PC completely and set everything up so that this whole zoo of files no longer gets onto the PC?
I'll never get rid of this junk!!!!!!!!!!!!! :cry: 
Oh, and unfortunately I can't find the files I'm supposed to back up on this stupid box. Did I maybe delete them with Ad-Aware (I ticked almost everything in the log for deletion! :lol: ) 
I'm going to download HiJackThis right now!
Thank you so much! I'll get back to you shortly!


----------



## Myri (20 November 2004)

Here is the HijackThis result now:


----------



## Genesis (22 November 2004)

Unfortunately, that doesn't look good at all:

O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe

An SDBot infection. See e.g. here

O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe

An Rbot infection. See e.g. here


O4 - HKLM\..\Run: [cejxaea] C:\WINDOWS\System32\jpqizmjx.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\Michi\Anwendungsdaten\lrrp.exe

At least these two are further malware.

Since your system is infested with two trojans that could have replaced arbitrary files on your system, in my opinion the only option is a complete reinstall of the system.
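The O4 lines quoted in the post above can also be grouped mechanically, which is useful when a log is longer than seven entries. The following is an added example, not part of Genesis's post or of HijackThis; the function names and the two review hints ("no-path", "multi-key") are assumptions of this example and serve as triage aids, not verdicts.

```python
import re
from collections import defaultdict

# The seven O4 lines quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\Run: [cejxaea] C:\WINDOWS\System32\jpqizmjx.exe
O4 - HKCU\..\Run: [Iwaa] C:\Dokumente und Einstellungen\Michi\Anwendungsdaten\lrrp.exe
"""

# Registry-based O4 line: hive, key name, [value name], command.
# "O4 - Startup:" folder entries have a different shape and are skipped here.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def parse_o4(log):
    """Return one dict per registry autostart (O4) line in the log text."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key,
                            "name": name, "command": command})
    return entries

def triage(entries):
    """Group entries by command and attach review hints (assumed heuristics)."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[e["command"].lower()].append(e["hive"] + "\\" + e["key"])
    report = {}
    for command, keys in grouped.items():
        hints = []
        if "\\" not in command and "/" not in command:
            # The log alone does not say which file on disk gets started.
            hints.append("no-path")
        if len(keys) > 1:
            # The same program is registered under several autostart keys.
            hints.append("multi-key")
        report[command] = {"keys": sorted(keys), "hints": hints}
    return report

if __name__ == "__main__":
    for command, info in triage(parse_o4(SAMPLE_LOG)).items():
        print(command, info["keys"], info["hints"])
```

An entry without hints is not thereby clean: the two entries with full paths in this log carry no hint, and the post identifies them as malware as well.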


----------



## Anonymous (25 November 2004)

Hello MyriK!

Everything that was said above is correct, and you should really think about a reinstall (especially because of the trojan findings): your system is badly compromised/infested.

What else strikes me is that so far you have apparently searched "only" with Ad-aware. The program is great and I have had it for years. But it largely fails at detecting viruses and trojans (with a few exceptions).

For fighting viruses and trojans there are, as is well known, AV programs. I gather from your HijackThis log file that you use AntiVir® Personal Edition from H+BEDV Datentechnik GmbH.
That is OK, "good average", and above all free!

But there may be more to find. Use 1 or 2 free online virus scanners as a second opinion. Here is a link with 13 free AV scanners  http:// malware.bul-online.de/av_onlinescan.php.

Kaspersky is very good, but unfortunately the online scan is limited to 1 MB, so you can't scan a whole PC with it.
Also very good are e.g. RAV or TrendMicro or F-Secure. These can also remove things to a limited extent (depending on the virus) and may find more than AntiVir.
Just try it, it's all free. But ultimately your system is badly compromised/infested and a reinstall is the safest option.
Good luck

_Link deactivated because it leads into nirvana. The nirvana is nicely done, though  *BT/MOD*_


----------



## BenTigger (26 November 2004)

Hello Wolfgang,

your link only leads to a poor, depressed web server...

Here is the correct address, with a note on where to branch off....

http://malware.bul-online.de/

and then, on the left, click: Online AV-Scanner


----------



## technofreak (26 November 2004)

http://malware.bul-online.de/av_onlinescan.php

tf


----------



## BenTigger (26 November 2004)

Oops, now I see it... I missed the . after the PHP...

Thanks for looking more closely, TF


----------



## Anonymous (26 November 2004)

Hello BenTigger & colleagues!

Thanks for correcting the link; now it is exactly right and leads to those 13 online scanners mentioned.

PS: I'll spend 1 hour this evening practising how to set links correctly


----------

