PDA

View Full Version : Infected or not?


robert.vienna
2010-04-01, 00:47
Hi,

when I recently updated my Java suddenly Spybot made a message like "DyFuCa Internet Optimizer encountered" (see below).

The log says:

30.03.2010 23:08:26 Erlaubt (Permitted) (based on user decision) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") gelöscht (extinguished) in Browser Helper Object!
30.03.2010 23:09:20 Erlaubt (based on user decision) value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") gelöscht in ActiveX Distribution Unit!
30.03.2010 23:09:20 Erlaubt (based on user decision) value "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}" (new data: "") gelöscht in ActiveX Distribution Unit!
30.03.2010 23:09:20 Erlaubt (based on user decision) value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") gelöscht in ActiveX Distribution Unit!
30.03.2010 23:09:21 Erlaubt (based on user decision) value "{8AD9C840-044E-11D1-B3E9-00805F499D93}" (new data: "") hinzugefügt (added) in ActiveX Distribution Unit!
30.03.2010 23:09:21 Erlaubt (based on user decision) value "{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}" (new data: "") hinzugefügt in ActiveX Distribution Unit!
30.03.2010 23:09:21 Erlaubt (based on user decision) value "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" (new data: "") hinzugefügt in ActiveX Distribution Unit!
30.03.2010 23:09:35 Erlaubt (based on user decision) value "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" (new data: "") hinzugefügt in Browser Helper Object!
30.03.2010 23:09:56 Erlaubt (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"") geändert in System Startup global entry!
30.03.2010 23:09:56 Encountered and terminated DyFuCA.InternetOptimizer in C:\Programme\Java\jre6\bin\jqs.exe!
31.03.2010 23:21:01 Erlaubt (based on user decision) value "NoDriveTypeAutoRun" (new data: "hex:91,00,00,") geändert in System Startup user entry!


Do I have to worry or did Spybot save me?

A system scan with spybot and AntiVir did not show anything suspicious.

regards

Robert
Shaba
2010-04-05, 20:49
Hi robert.vienna

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.