Apropos




* Aproposfix

* download aproposfix.exe --> click RunThis.bat
* press "Enter" and wait until the window closes.
* then copy the contents of log.txt.

Example:
Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\S\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!

RootKitRevealer

Example:
HKLM\SOFTWARE\Classes\CLSID\{7CD14DA3-6483-4677-B4F7-D8889FC8E73D}\ 
HKLM\SOFTWARE\Classes\CLSID\{7CD14DA3-6483-4677-B4F7-D8889FC8E73D}\ProgID\ 5/19/2005 
HKLM\SOFTWARE\Classes\CLSID\{9AC4614D-B649-433B-AD7E-D82CE8F0332C}\ 3/20/2005 1:31 
HKLM\SOFTWARE\Classes\rtg.breakawaycasino\CLSID\ 3/20/2005 1:31 AM 39 bytes 
HKLM\SOFTWARE\Classes\webcal\URL Protocol 2/10/2005 2:25 AM 13 bytes Data
HKLM\SOFTWARE\CrTR8AB8Yj79 10/22/2005 2:57 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCILOOKUP 2/8/2005 11:54 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCIUDFS 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\PCIIde 1/22/2005 9:05 PM 0 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\PCIUdfs 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.

C:\Program Files\Aolports 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
C:\Program Files\Aolports\ACE.DLL 10/15/2005 4:43 PM 568.00 KB Hidden from Windows API.
C:\Program Files\Aolports\AI_18-10-2005.log 10/18/2005 11:37 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_19-10-2005.log 10/20/2005 10:26 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_20-10-2005.log 10/21/2005 10:59 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_21-10-2005.log 10/22/2005 10:20 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_22-10-2005.log 10/22/2005 2:15 PM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_23-10-2005.log 10/23/2005 7:09 AM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\AI_24-10-2005.log 10/24/2005 1:53 PM 3 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache 10/15/2005 4:43 PM 0 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a 10/15/2005 6:01 PM 6 bytes 
C:\Program Files\Aolports\Cache\DNS 10/15/2005 6:01 PM 815 bytes Hidden from Windows API.
C:\Program Files\Aolports\Cache\INDEX 10/15/2005 6:01 PM 172 bytes Hidden from Windows API.
C:\Program Files\Aolports\CLUC32GT.EXE 10/15/2005 4:43 PM 160.00 KB Hidden from Windows API.
C:\Program Files\Aolports\DATA.BIN 10/15/2005 4:43 PM 114.14 KB Hidden from Windows API.
C:\Program Files\Aolports\SOFEDB40.EXE 10/15/2005 4:43 PM 912.00 KB Hidden from Windows API.
C:\Program Files\Aolports\WinGenerics.dll 10/15/2005 4:43 PM 576.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS 10/15/2005 4:43 PM 12.00 KB Hidden from Windows API.
C:\WINNT\SYSTEM32\TMLAGENT.EXE 10/15/2005 4:43 PM 460.00 KB Hidden from Windows API.

f-secure - Rootkit Detection and Elimination Tool http://www.f-secure.com

Double-click: fsbl.exe
After the check, click -- next
A log file (txt) is now on the desktop

Then start BlackLight again and have it rename all the files it lists (except C:\WINDOWS\system32\wbem\wbemtest.exe)

scan --> next, change "none" to "rename"

Then let BlackLight restart the computer.

Example:
10/25/05 09:45:25 [Info]: Hidden process: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:25 [Info]: Hidden process: C:\WINNT\SYSTEM32\TMLAGENT.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\WinGenerics.dll
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\ACE.DLL
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\DATA.BIN
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\CLUC32GT.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\DNS
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\00000029_435135d0_000dd40a
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\Cache\INDEX
10/25/05 09:45:38 [Info]: Hidden file: C:\WINNT\SYSTEM32\TMLAGENT.EXE
10/25/05 09:45:43 [Info]: Hidden file: C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS
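Added example, not part of the original page or of the F-Secure tool: a small Python parser for the BlackLight log format shown above that merges duplicate entries case-insensitively and builds the rename list while leaving out the wbemtest.exe exception named in the steps. The function names and the last sample line are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Line shape taken from the BlackLight log excerpt on this page.
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[Info\]: Hidden (process|file): (.+?)\s*$"
)

# The page says to rename everything BlackLight lists except this file.
KEEP = {r"c:\windows\system32\wbem\wbemtest.exe"}

# Constructed sample: four lines copied from the page's example plus one
# constructed line for the excluded file.
SAMPLE_LOG = r"""
10/25/05 09:45:25 [Info]: Hidden process: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\PROGRAM FILES\AOLPORTS\SOFEDB40.EXE
10/25/05 09:45:26 [Info]: Hidden file: C:\Program Files\Aolports\ACE.DLL
10/25/05 09:45:43 [Info]: Hidden file: C:\WINNT\SYSTEM32\DRIVERS\PORASPTI.SYS
10/25/05 09:45:50 [Info]: Hidden file: C:\WINDOWS\system32\wbem\wbemtest.exe
"""


def parse_blacklight(text):
    """Return {lowercased path: {"path", "kinds"}} for every hidden item."""
    items = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrelated lines
        _, kind, path = m.groups()
        # Windows paths are case-insensitive, so key on the lowercased form.
        entry = items.setdefault(path.lower(), {"path": path, "kinds": set()})
        entry["kinds"].add(kind)
    return items


def rename_candidates(items):
    """Paths to rename, grouped by lowercased folder, minus the exception."""
    by_dir = defaultdict(list)
    for key, entry in sorted(items.items()):
        if key in KEEP:
            continue
        folder = key.rsplit("\\", 1)[0]
        by_dir[folder].append(entry["path"])
    return dict(by_dir)


if __name__ == "__main__":
    for folder, paths in rename_candidates(parse_blacklight(SAMPLE_LOG)).items():
        print(folder, "->", paths)
```
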

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 208.60.169.22:80

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable 0*00000000(0)






