bluescreen - problem: your system is infected
#0
08.10.2005, 22:57
Honorary member
Posts: 29434

08.10.2005, 23:00
Honorary member
Thread starter Posts: 29434
#2
Hello @michael E,
I can't do much with logs sent by PM, and as a matter of principle I don't solve problems by PM.

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder --> None of the above --> just start the program --> Save --> Savelog --> the editor opens; now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.

Copy all 4 logs
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security

08.10.2005, 23:09
...new here
Posts: 8
#3
I am not alone! Thanks
09.10.2005, 00:59
Honorary member
Thread starter Posts: 29434
#4
There is no saving this one, and it is a record for me... I have never seen a PC this infested and this poorly maintained.
Please format immediately, and then post the new HijackThis log (but install the Windows updates first, because without them the PC will be infected again in no time).
__________
Kind regards, Sabina
All about PC security

09.10.2005, 03:21
...new here
Posts: 8
#5
Thanks for the help.
Is there really no option other than formatting? Is there no stopgap solution?

09.10.2005, 10:17
Moderator
Posts: 7805
#6
There are always solutions, but in your case it is far too much effort; reinstalling is faster and leaves you with a machine that is really clean.
Please keep this in mind when you do: http://board.protecus.de/t13020.htm

Edit: That thing will also have installed a password-stealing and otherwise quite spying Goldrun rootkit trojan on you (hxxp://traffsale.biz/dl/adv645/x.chm::/load.exe), so you need the whole reinstall package with all the info!
__________
Kind regards, Ralf
SEO-Spam Hunter

10.10.2005, 19:19
...new here
Posts: 8
#7
HELLO, THIS IS MY NEW LOGFILE AFTER FORMATTING! VIRUS-FREE, I HOPE
11.10.2005, 00:08
Honorary member
Thread starter Posts: 29434
#8
Wow... I am delighted. These are the kind of logs I always want to see here.

windsdoorcleaner
http://virus-protect.org/windsdoorcleaner.html
Restricted user account
http://virus-protect.org/administrator.html

Take care on the net, and always be suspicious... do not click on everything that blinks.
__________
Kind regards, Sabina
All about PC security

31.10.2005, 16:56
...new here
Posts: 8
#9
Hello,
can someone please check my logfile? I suspect that something is fishy, because I am getting pop-up windows again! thanks

31.10.2005, 18:16
Honorary member
Thread starter Posts: 29434 |
#10
michael E
You really do click on everything on the Internet that blinks.... you have to be more careful.... a pity about the nice clean PC......~~

Open HijackThis -- "Scan" button -- put check marks in front of the malware entries -- "Fix checked" button -- restart the PC

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem220.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - E:\WINDOWS\system32\qlink32.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - E:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - E:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GMo2] E:\WINDOWS\nidwkag.exe
O4 - HKLM\..\Run: [SurfAccuracy] E:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] E:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [Stickies] E:\Program Files\Stickies\Stickies.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\Program Files\SideFind\sidefind.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - E:\WINDOWS\system32\qlink32.dll

Restart the PC

CCleaner (delete all temporary files)
http://virus-protect.org/temp.html

Killbox
http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Say, for example, you want to delete a folder. You do not have to enter all the files in the folder one by one; instead you click the option DelTree (include subdirectories). This deletes a complete archive together with its subfolders.

E:\Program Files\SideFind
E:\Program Files\Internet Optimizer
E:\Program Files\SurfAccuracy
E:\Program Files\ISTsvc
E:\Program Files\YourSiteBar
E:\Program Files\Power Scan

Also delete:
E:\WINDOWS\system32\qlink32.dll
E:\WINDOWS\nidwkag.exe

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html

Scan with Panda and post that scan report as well
http://virus-protect.org/onlinescan.html

CounterSpy
After the scan you have to decide between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC (then copy the scan report and paste it into the security forum)
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security |
|
|
||
01.11.2005, 16:46
...new here
Posts: 8 |
#11
Thanks for the help, I have eliminated the blinking mouse.
I am currently setting up a second account for surfing and e-mailing. I am installing Thunderbird. Despite the firewall and pop-up blocker I keep getting unwanted pop-up windows. Is there a remedy for that? |
|
|
||
01.11.2005, 20:01
Honorary member
Thread starter Posts: 29434 |
#12
Have you actually worked through what I wrote first ????
I see no log from CounterSpy, however much I rub my eyes......
__________
Regards, Sabina
all about PC security |
|
|
||
03.11.2005, 22:04
...new here
Posts: 8 |
#13
Hello, here are the scan details.
Otherwise I use Norton AntiVirus for scanning. Please advise on the communication problem on the limited account. Thanks

Spyware Scan Details
Start Date: 11/3/2005 10:25:32 AM
End Date: 11/3/2005 11:23:37 AM
Total Time: 58 mins 5 secs

Detected spyware

AvenueMedia.DyFuCA Browser Plug-in
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Deleted
Infected files detected
e:\program files\internet optimizer\optimize.exe
Infected registry entries detected

IST.ISTbar Browser Hijacker
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a users consent using an Internet Explorer toolbar.
Status: Deleted
Infected files detected
e:\program files\istsvc\istsvc.exe
e:\documents and settings\me\start menu\programs\power scan\power scan.lnk
e:\program files\sidefind\sfbho.dll
e:\program files\sidefind\sfexd001
e:\program files\sidefind\sidefind.dll
e:\program files\sidefind\update\sidefind.exe
e:\program files\power scan\powerscan.exe
e:\program files\power scan\uninstall.exe
Infected registry entries detected

IST.PowerScan Adware
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Deleted
Infected files detected
e:\documents and settings\me\start menu\programs\power scan\power scan.lnk
e:\program files\power scan\powerscan.exe
Infected registry entries detected

IST.SideFind Adware
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Deleted
Infected files detected
e:\program files\sidefind\update\sidefind.exe
e:\program files\sidefind\sfbho.dll
e:\program files\sidefind\sfexd001
e:\program files\sidefind\sidefind.dll
E:\Program Files\Power Scan\powerscan.exe
Infected registry entries detected

YourSiteBar Spyware
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted
Infected files detected
e:\program files\yoursitebar\imagemap_normal.bmp
e:\program files\yoursitebar\imagemap_over.bmp
e:\program files\yoursitebar\version.txt
e:\program files\yoursitebar\yoursitebar.xml
e:\program files\yoursitebar\ysb.dll
Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\YourSiteBar yoursitebar.xml -481029006 HKEY_LOCAL_MACHINE\Software\YourSiteBar imagemap_normal.bmp -1489920536 HKEY_LOCAL_MACHINE\Software\YourSiteBar imagemap_over.bmp -1489920536 HKEY_LOCAL_MACHINE\Software\YourSiteBar showcorrupted 1 HKEY_LOCAL_MACHINE\Software\YourSiteBar updatever HKEY_LOCAL_MACHINE\Software\YourSiteBar refreshscope 1440 HKEY_LOCAL_MACHINE\Software\YourSiteBar allowupdate 0 HKEY_LOCAL_MACHINE\Software\YourSiteBar LastCheckTime 1130791704 HKEY_LOCAL_MACHINE\Software\YourSiteBar version.txt -186917087 HKEY_LOCAL_MACHINE\Software\YourSiteBar UpdateBegin 0 HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar DisplayName YourSiteBar HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar UninstallString regsvr32 /u /s "E:\Program Files\YourSiteBar\ysb.dll" HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar Publisher Integrated Seach Technologies HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HelpLink http://www.ysbweb.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar DisplayName YourSiteBar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar UninstallString regsvr32 /u /s "E:\Program Files\YourSiteBar\ysb.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Publisher Integrated Seach Technologies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar HelpLink 
http://www.ysbweb.com HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ProgID Ysb.YsbObj.1 HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\TypeLib {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\VersionIndependentProgID Ysb.YsbObj HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} 
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ProgID Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\TypeLib {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\VersionIndependentProgID Ysb.YsbObj HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0 
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44} HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 E:\Program Files\YourSiteBar\ysb.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR E:\Program Files\YourSiteBar\ HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj\CurVer Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj YourSiteBar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 YourSiteBar HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44} HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 E:\Program Files\YourSiteBar\ysb.dll HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR E:\Program Files\YourSiteBar\ HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID 
{86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar HKEY_CLASSES_ROOT\Ysb.YsbObj.1 HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686} HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar SurfAccuracy Adware more information... Status: Deleted Infected files detected e:\program files\surfaccuracy\license.lnk e:\program files\surfaccuracy\sacc.cfg e:\program files\surfaccuracy\sacc.exe e:\program files\surfaccuracy\saccu.exe Infected registry entries detected HKEY_LOCAL_MACHINE\Software\SAcc HKEY_LOCAL_MACHINE\Software\SAcc accid 104 HKEY_LOCAL_MACHINE\Software\SAcc subaccid 1003918 HKEY_LOCAL_MACHINE\Software\SAcc Version 1116 HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1130700372 HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 2 HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1130909094 HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString E:\Program Files\SurfAccuracy\SAccU.exe Adw.SearchFast.Toolbar Browser Hijacker and Toolbar more information... Details: The Adw.SearchFast.Toolbar is an IE toolbar and uses a BHO which hijacks the error page. 
Status: Deleted Infected files detected e:\program files\quick links\uninst.exe e:\program files\quick links\uninst.log e:\windows\system32\preuninstallql.exe e:\windows\system32\qldf.bin Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\TypeLib {423550E9-2F83-4678-9929-C1774088B180} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2} ILinkTracker HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker\CLSID {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker LinkTracker Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1\CLSID {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1 LinkTracker Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1\CLSID {3551784B-E99A-474f-B782-3EC814442918} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1 QuickLinksFilter Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter\CLSID {3551784B-E99A-474f-B782-3EC814442918} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter QuickLinksFilter Class 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links UninstallString E:\Program Files\Quick Links\Uninst.exe -s E:\Program Files\Quick Links\Uninst.log HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links DisplayName Quick Links QuickLinks Monitoring Software more information... Details: QuickLinks is Adware that redirects your searches to affiliate sites and may monitor your search terms. Status: Deleted Infected files detected e:\program files\quick links\uninst.exe e:\program files\quick links\uninst.log E:\WINDOWS\system32\PreUninstallQL.exe Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918} HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 ThreadingModel both HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\KeyPhrasesFileName qldf.bin HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\ProgID QuickLinks.QuickLinksFilter.1 HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\VersionIndependentProgID QuickLinks.QuickLinksFilter HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918} QuickLinksFilter Class HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1 HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1\CLSID {3551784B-E99A-474f-B782-3EC814442918} HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1 QuickLinksFilter Class HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links UninstallString E:\Program Files\Quick Links\Uninst.exe -s E:\Program Files\Quick Links\Uninst.log HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links DisplayName Quick Links 
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter\CLSID {3551784B-E99A-474f-B782-3EC814442918} HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter QuickLinksFilter Class HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918} HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 ThreadingModel both HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\KeyPhrasesFileName qldf.bin HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\ProgID QuickLinks.QuickLinksFilter.1 HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\VersionIndependentProgID QuickLinks.QuickLinksFilter HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918} QuickLinksFilter Class HKEY_LOCAL_MACHINE\SOFTWARE\QL HKEY_LOCAL_MACHINE\SOFTWARE\QL st 1 HKEY_LOCAL_MACHINE\SOFTWARE\QL si 19903 HKEY_LOCAL_MACHINE\SOFTWARE\QL ia 1 HKEY_LOCAL_MACHINE\SOFTWARE\QL im 14 Unclassified.Spyware.57 Spyware more information... Status: Deleted Infected files detected E:\RECYCLER\S-1-5-21-2052111302-492894223-839522115-1003\De31.exe Xrenoder Browser Plug-in more information... Details: Xrenoder is a multi faceted Trojan. It is an Internet Explorer-Toolbar, homepage and search hijacker which resets your browser's home page and search settings to point to other affiliate sites. Xrenoder also displays pornographic popup ads. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\istsvc HKEY_LOCAL_MACHINE\software\istsvc\history 127751751664796192 1201|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127751841667914320 1202|259200 HKEY_LOCAL_MACHINE\software\istsvc\history 127752165275103728 1227|2678400 HKEY_LOCAL_MACHINE\software\istsvc\history 127752544110747696 1216|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127752653027411552 1206|86400 HKEY_LOCAL_MACHINE\software\istsvc version 1024 HKEY_LOCAL_MACHINE\software\istsvc app_name istsvc.exe HKEY_LOCAL_MACHINE\software\istsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php HKEY_LOCAL_MACHINE\software\istsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe HKEY_LOCAL_MACHINE\software\istsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php HKEY_LOCAL_MACHINE\software\istsvc ui F2CBADC8-7DDE-47ad-8838-706927B4E00A HKEY_LOCAL_MACHINE\software\istsvc popup_initial_delay 600 HKEY_LOCAL_MACHINE\software\istsvc popup_count 5 HKEY_LOCAL_MACHINE\software\istsvc popup_day_count 2 HKEY_LOCAL_MACHINE\software\istsvc popup_day_limit 4 HKEY_LOCAL_MACHINE\software\istsvc update_count 0 HKEY_LOCAL_MACHINE\software\istsvc update_version 1024 HKEY_LOCAL_MACHINE\software\istsvc config_count 3 HKEY_LOCAL_MACHINE\software\istsvc account_id 1003918 HKEY_LOCAL_MACHINE\software\istsvc app_date HKEY_LOCAL_MACHINE\software\istsvc popup_interval 9000 HKEY_LOCAL_MACHINE\software\istsvc popup_last HKEY_LOCAL_MACHINE\software\istsvc update_interval 86400 HKEY_LOCAL_MACHINE\software\istsvc update_last HKEY_LOCAL_MACHINE\software\istsvc config_interval 432000 HKEY_LOCAL_MACHINE\software\istsvc config_last Internet Optimizer Browser Hijacker more information... Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com. 
Status: Deleted Infected files detected E:\Program Files\SideFind\sidefind.dll Infected registry entries detected HKEY_CURRENT_USER\software\avenue media HKEY_LOCAL_MACHINE\software\policies\avenue media HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\ HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library IST.SlotchBar Toolbar more information... Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0 HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST exe_start 2 HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-30 19:26:04 HKEY_CURRENT_USER\Software\IST account_id 1003918 HKEY_CURRENT_USER\Software\IST config ysb_m3 HKEY_CURRENT_USER\Software\IST Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^ IST.XXXToolbar Toolbar more information... Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running. Status: Deleted Infected files detected E:\Program Files\SideFind\sfbho.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc DisplayName ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc UninstallString E:\PROGRAM FILES\ISTSVC\ISTSVC.EXE /remove HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc NoModify 1 HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST exe_start 2 HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-30 19:26:04 HKEY_CURRENT_USER\Software\IST account_id 1003918 HKEY_CURRENT_USER\Software\IST config ysb_m3 HKEY_CURRENT_USER\Software\IST Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^ HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} 
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da} HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library |
|
|
||
04.11.2005, 01:29
Honorary member
Thread starter Posts: 29434 |
#14
I don't understand how anyone can download so much junk... don't you notice it happening?????
Once the PC is clean, everything else should work again.
Scan with ewido and post the scan report: http://virus-protect.org/ewido.html
Scan with Panda and post that scan report too: http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina
All about PC security |
|
|
||
09.11.2005, 21:50
...new here
Posts: 8 |
#15
I have a firewall and the Windows pop-up blocker, and I scan regularly. Still, "things" keep sneaking onto my machine. I think PCs simply can't be 100% watertight. Why should I scan with all these scanners, EWIDO, PANDA? I already have Norton! Thanks for any tip! michael |
|
|
||
Hello,
I have the bluescreen problem: your system is infected. Please help.
(8.10.05 13:17:12) SPSeHjFix started v1.1.2
(8.10.05 13:17:12) OS: WinXP (5.1.2600)
(8.10.05 13:17:12) Language: deutsch
(8.10.05 13:17:12) Win-Path: C:\WINDOWS
(8.10.05 13:17:12) System-Path: C:\WINDOWS\System32
(8.10.05 13:17:12) Temp-Path: C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\
(8.10.05 13:17:25) Disinfection started
(8.10.05 13:17:25) Bad-Dll(IEP): (not found)
(8.10.05 13:17:25) Bad-Dll(IEP) in BHO: (not found)
(8.10.05 13:17:25) UBF: 9 - UBB: 12 - UBR: 51
(8.10.05 13:17:25) FilterKey: HKCR\text/html (deleted)
(8.10.05 13:17:25) FilterKey: HKCR\CLSID\{3551784B-E99A-474f-B782-3EC814442918} (deleted)
(8.10.05 13:17:25) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(8.10.05 13:17:25) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} (deleted)
(8.10.05 13:17:25) BHO-Key: HKCR\CLSID\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} (deleted)
(8.10.05 13:17:25) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:17:25) Bad IE-pages: (none)
(8.10.05 13:17:25) Stealth-String not found
(8.10.05 13:17:25) File added to delete: c:\windows\system32\qlink32.dll
(8.10.05 13:17:25) Reboot
(8.10.05 13:44:27) SPSeHjFix started v1.1.2
(8.10.05 13:44:27) OS: WinXP (5.1.2600)
(8.10.05 13:44:27) Language: deutsch
(8.10.05 13:44:27) Win-Path: C:\WINDOWS
(8.10.05 13:44:27) System-Path: C:\WINDOWS\System32
(8.10.05 13:44:27) Temp-Path: C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\
(8.10.05 13:44:30) Disinfection started
(8.10.05 13:44:30) Bad-Dll(IEP): (not found)
(8.10.05 13:44:30) Bad-Dll(IEP) in BHO: (not found)
(8.10.05 13:44:30) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:44:30) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:44:30) Bad IE-pages: (none)
(8.10.05 13:44:30) Stealth-String not found
(8.10.05 13:44:30) Not infected->END
__________
Best regards, Sabina
All about PC security