nach dem Lesen von diesen Bericht habe ich mir das Programm Gaint Antispyware heruntergeladen und Installiert. Und anschließend natürlich ausgeführt. Mit nachvollgendem Ergebniss. Trotz dass dem ich Spybot - Search & Destroy, SpywareBlaster, Ad-Aware SE Personal und TuneUp Utilities 2004 Trail am Laufen habe. Mein Betr.sys XP-Pro/ Sp2
Das Programm hat immerhin noch ein Paar Addaware's gefunden.
Mein Anliegen nun: Wie schützt Ihr euch vor solcher Spionage- Software? Also eure Erfahrungswerte sind gefragt. Villeicht kann der eine oder andere davon Profitieren. Ich habe nunmal schwer was dagegen ausspioniert zu werden.
Zitat
Spyware Scan Details
Start Date: 25.11.2004 02:59:16
End Date: 25.11.2004 03:02:00
Total Time: 2 mins 44 secs
Detected Threats
NewDotNet QuickSearchBar Adware more information...
Details: A toolbar from new.net that monitors web usage and submits you to advertising, and popups.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\programme\quicksearch\quicksearchbar1_27.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
InstaFinder Browser Hijacker more information...
Details: InstaFinder is an Internet Explorer Browser Helper search hijacker.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\windows\downloaded program files\instafin.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
HKEY_CLASSES_ROOT\instafin.INSTAFIN
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\instafin.INSTAFIN
eZula.TopText Adware more information...
Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig
Status: Quarantined
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected folders detected
c:\windows\ilookup
QuickSearch Toolbar Search Hijacker more information...
Details: QuickSearch Toolbar hijacks Internet Explorers search URLs to direct traffic to quicksearch.com.
Status: Quarantined
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected files detected
c:\programme\quicksearch\quicksearchbar1_27.dll
Infected folders detected
c:\programme\quicksearch
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar UPGRADE_AUTO 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CHECKIN_DATE 731811
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar TB_UPGRADE_COUNTER 30
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CLTBID 3ee268c3930f00d52dd359eb5b43035f
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar SOURCE TBEZA1~1
HKEY_CURRENT_USER\Software\QuickSearch
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar PRT TBEZA127Q
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar InstalledPath C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_KEEP 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar KEEP 0
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar DISP_OLD 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_BUTTON 6
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_DROP_DOWN 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar UPGRADE_AUTO 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CHECKIN_DATE 731811
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar TB_UPGRADE_COUNTER 30
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CLTBID 3ee268c3930f00d52dd359eb5b43035f
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar SOURCE TBEZA1~1
HKEY_CURRENT_USER\Software\QuickSearch ToolVerMaj 1
HKEY_CURRENT_USER\Software\QuickSearch ToolVerMin 27
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar PRT TBEZA127Q
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\InprocServer32 C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\ProgID QuickSearch.SearchBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\Programmable 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\TypeLib B7620AF8-B460-455a-946F-16F8BF52A9AD
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\VersionIndependentProgID QuickSearch.SearchBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252} QuickSearch Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand\CLSID {82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar InstalledPath C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand\CurVer QuickSearch.SearchBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand QuickSearch Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar DisplayName QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar Type QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar UninstallString rundll32.exe C:\PROGRA~1\QUICKS~1\QUICKS~1.DLL,SelfUnInstall
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_KEEP 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar KEEP 0
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar DISP_OLD 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_BUTTON 6
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_DROP_DOWN 10
RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored
Moderate threat - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run winvnc
Detected Spyware Cookies
No spyware cookies were found during this scan.
Start Date: 25.11.2004 02:59:16
End Date: 25.11.2004 03:02:00
Total Time: 2 mins 44 secs
Detected Threats
NewDotNet QuickSearchBar Adware more information...
Details: A toolbar from new.net that monitors web usage and submits you to advertising, and popups.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\programme\quicksearch\quicksearchbar1_27.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
InstaFinder Browser Hijacker more information...
Details: InstaFinder is an Internet Explorer Browser Helper search hijacker.
Status: Quarantined
Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine.
Infected files detected
c:\windows\downloaded program files\instafin.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
HKEY_CLASSES_ROOT\instafin.INSTAFIN
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\instafin.INSTAFIN
eZula.TopText Adware more information...
Details: eZula TopText is a browser hijacker that will alter all pages viewed in Internet Explorer by adding extra links to words and phrases targeted by advertisers. These links are unauthorized by the users of the sites being viewed and not part of the orig
Status: Quarantined
High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy counter measures. May us a security flaw in the operating system to gain access to your computer.
Infected folders detected
c:\windows\ilookup
QuickSearch Toolbar Search Hijacker more information...
Details: QuickSearch Toolbar hijacks Internet Explorers search URLs to direct traffic to quicksearch.com.
Status: Quarantined
Elevated threat - Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
Infected files detected
c:\programme\quicksearch\quicksearchbar1_27.dll
Infected folders detected
c:\programme\quicksearch
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar UPGRADE_AUTO 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CHECKIN_DATE 731811
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar TB_UPGRADE_COUNTER 30
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CLTBID 3ee268c3930f00d52dd359eb5b43035f
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar SOURCE TBEZA1~1
HKEY_CURRENT_USER\Software\QuickSearch
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar PRT TBEZA127Q
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar InstalledPath C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_KEEP 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar KEEP 0
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar DISP_OLD 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_BUTTON 6
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_DROP_DOWN 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar UPGRADE_AUTO 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CHECKIN_DATE 731811
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar TB_UPGRADE_COUNTER 30
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar CLTBID 3ee268c3930f00d52dd359eb5b43035f
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar SOURCE TBEZA1~1
HKEY_CURRENT_USER\Software\QuickSearch ToolVerMaj 1
HKEY_CURRENT_USER\Software\QuickSearch ToolVerMin 27
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar PRT TBEZA127Q
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\InprocServer32 C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\ProgID QuickSearch.SearchBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\Programmable 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\TypeLib B7620AF8-B460-455a-946F-16F8BF52A9AD
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252}\VersionIndependentProgID QuickSearch.SearchBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252} QuickSearch Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand\CLSID {82315A18-6CFB-44a7-BDFD-90E36537C252}
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar InstalledPath C:\Programme\QuickSearch\QuickSearchBar1_27.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand\CurVer QuickSearch.SearchBand.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\classes\QuickSearch.SearchBand QuickSearch Search Bar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar DisplayName QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar Type QuickSearch Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch Toolbar UninstallString rundll32.exe C:\PROGRA~1\QUICKS~1\QUICKS~1.DLL,SelfUnInstall
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_KEEP 10
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar KEEP 0
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar DISP_OLD 1
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_BUTTON 6
HKEY_CURRENT_USER\Software\QuickSearch\ToolBar MAX_DROP_DOWN 10
RealVNC Commercial Remote Control more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Ignored
Moderate threat - Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run winvnc
Detected Spyware Cookies
No spyware cookies were found during this scan.
ProgrammDownload z.B bei ZDNet