Bluescreen problem: your system is infected

08.10.2005, 22:57
Honorary member

Posts: 29434
#1 michael E

Hello

I have the bluescreen problem: your system is infected. Please help.

(8.10.05 13:17:12) SPSeHjFix started v1.1.2
(8.10.05 13:17:12) OS: WinXP (5.1.2600)
(8.10.05 13:17:12) Language: deutsch
(8.10.05 13:17:12) Win-Path: C:\WINDOWS
(8.10.05 13:17:12) System-Path: C:\WINDOWS\System32
(8.10.05 13:17:12) Temp-Path: C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\
(8.10.05 13:17:25) Disinfection started
(8.10.05 13:17:25) Bad-Dll(IEP): (not found)
(8.10.05 13:17:25) Bad-Dll(IEP) in BHO: (not found)
(8.10.05 13:17:25) UBF: 9 - UBB: 12 - UBR: 51
(8.10.05 13:17:25) FilterKey: HKCR\text/html (deleted)
(8.10.05 13:17:25) FilterKey: HKCR\CLSID\{3551784B-E99A-474f-B782-3EC814442918} (deleted)
(8.10.05 13:17:25) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(8.10.05 13:17:25) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} (deleted)
(8.10.05 13:17:25) BHO-Key: HKCR\CLSID\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} (deleted)
(8.10.05 13:17:25) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:17:25) Bad IE-pages: (none)
(8.10.05 13:17:25) Stealth-String not found
(8.10.05 13:17:25) File added to delete: c:\windows\system32\qlink32.dll
(8.10.05 13:17:25) Reboot

(8.10.05 13:44:27) SPSeHjFix started v1.1.2
(8.10.05 13:44:27) OS: WinXP (5.1.2600)
(8.10.05 13:44:27) Language: deutsch
(8.10.05 13:44:27) Win-Path: C:\WINDOWS
(8.10.05 13:44:27) System-Path: C:\WINDOWS\System32
(8.10.05 13:44:27) Temp-Path: C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\
(8.10.05 13:44:30) Disinfection started
(8.10.05 13:44:30) Bad-Dll(IEP): (not found)
(8.10.05 13:44:30) Bad-Dll(IEP) in BHO: (not found)
(8.10.05 13:44:30) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:44:30) UBF: 8 - UBB: 11 - UBR: 51
(8.10.05 13:44:30) Bad IE-pages: (none)
(8.10.05 13:44:30) Stealth-String not found
(8.10.05 13:44:30) Not infected->END
__________
Regards, Sabina

all about PC security
08.10.2005, 23:00
Honorary member
Thread starter

Posts: 29434
#2 Hello @michael E

I can't do much with logs sent by PM, and as a rule I don't solve problems via PM.

HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above --> just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

copy all 4 logs
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
08.10.2005, 23:09
...new here

Posts: 8
#3 I'm not alone! Thanks

Logfile of HijackThis v1.99.1
Scan saved at 15:45:30, on 08.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\rtxb\deyvq.exe
C:\WINDOWS\System32\rtxb\deyvq.exe
C:\WINDOWS\System32\gearsec.exe

C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\System32\eukh\vqvan.exe
C:\WINDOWS\System32\nruhwm\qvbfflqj.exe
C:\WINDOWS\System32\xuvqteil\vcyuuqs.exe
C:\WINDOWS\System32\spqt\pcgcd.exe
C:\WINDOWS\System32\ymjfv\nmyfdm.exe
C:\WINDOWS\System32\mxbapojv\mfonmomx.exe
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\dpeoc5a1.exe

C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mvlfhpyo\xcvegegp.exe
C:\WINDOWS\System32\paytime.exe
C:\Programme\SurfAccuracy\SAcc.exe

C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\snss\snss.exe
C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\argmq\opuywuo.exe
C:\WINDOWS\System32\jqwffi\hhmaxy.exe

D:\12 Software temp\Distillr\Acrotray.exe
C:\Programme\Acer\Notebook Manager\almxptray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Programme\Gemeinsame Dateien\services.exe
C:\Dokumente und Einstellungen\m e\Desktop\SpSeHjfix112.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\OPScan.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\Rar$EX00.901\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: 127.0.0.4 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.4 x.full-tgp.net
O1 - Hosts: 127.0.0.4 counter.sexmaniack.com
O1 - Hosts: 127.0.0.4 autoescrowpay.com
O1 - Hosts: 127.0.0.4 www.autoescrowpay.com
O1 - Hosts: 127.0.0.4 www.awmdabest.com
O1 - Hosts: 127.0.0.4 www.sexfiles.nu
O1 - Hosts: 127.0.0.4 awmdabest.com
O1 - Hosts: 127.0.0.4 sexfiles.nu
O1 - Hosts: 127.0.0.4 allforadult.com
O1 - Hosts: 127.0.0.4 www.allforadult.com
O1 - Hosts: 127.0.0.4 www.iframe.biz
O1 - Hosts: 127.0.0.4 iframe.biz
O1 - Hosts: 127.0.0.4 www.newiframe.biz
O1 - Hosts: 127.0.0.4 newiframe.biz
O1 - Hosts: 127.0.0.4 www.vesbiz.biz
O1 - Hosts: 127.0.0.4 vesbiz.biz
O1 - Hosts: 127.0.0.4 www.pizdato.biz
O1 - Hosts: 127.0.0.4 pizdato.biz
O1 - Hosts: 127.0.0.4 www.aaasexypics.com
O1 - Hosts: 127.0.0.4 aaasexypics.com
O1 - Hosts: 127.0.0.4 www.virgin-tgp.net
O1 - Hosts: 127.0.0.4 virgin-tgp.net
O1 - Hosts: 127.0.0.4 www.awmcash.biz
O1 - Hosts: 127.0.0.4 awmcash.biz
O1 - Hosts: 127.0.0.4 buldog-stats.com
O1 - Hosts: 127.0.0.4 www.buldog-stats.com
O1 - Hosts: 127.0.0.4 fregat.drocherway.com
O1 - Hosts: 127.0.0.4 slutmania.biz
O1 - Hosts: 127.0.0.4 www.slutmania.biz
O1 - Hosts: 127.0.0.4 toolbarpartner.com
O1 - Hosts: 127.0.0.4 www.toolbarpartner.com
O1 - Hosts: 127.0.0.4 www.megapornix.com
O1 - Hosts: 127.0.0.4 megapornix.com
O1 - Hosts: 127.0.0.4 www.sp2F***.biz
O1 - Hosts: 127.0.0.4 sp2F***.biz
O1 - Hosts: 127.0.0.4 greg-tut.com
O1 - Hosts: 127.0.0.4 www.greg-tut.com
O1 - Hosts: 127.0.0.4 nylonsexy.com
O1 - Hosts: 127.0.0.4 www.nylonsexy.com
O1 - Hosts: 127.0.0.4 vparivalka.com
O1 - Hosts: 127.0.0.4 www.vparivalka.com
O1 - Hosts: 127.0.0.4 iframeprofit.com
O1 - Hosts: 127.0.0.4 www.iframeprofit.com
O1 - Hosts: 127.0.0.4 topsearch10.com
O1 - Hosts: 127.0.0.4 www.topsearch10.com
O1 - Hosts: 127.0.0.4 statscash.biz
O1 - Hosts: 127.0.0.4 www.statscash.biz
O1 - Hosts: 127.0.0.4 vxiframe.biz
O1 - Hosts: 127.0.0.4 www.vxiframe.biz
O1 - Hosts: 127.0.0.4 crazy-toolbar.com
O1 - Hosts: 127.0.0.4 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.4 topcash.biz
O1 - Hosts: 127.0.0.4 www.topcash.biz
O1 - Hosts: 127.0.0.4 loadcash.biz
O1 - Hosts: 127.0.0.4 www.loadcash.biz
O1 - Hosts: 127.0.0.4 txiframe.biz
O1 - Hosts: 127.0.0.4 www.txiframe.biz
O1 - Hosts: 127.0.0.4 procounter.biz
O1 - Hosts: 127.0.0.4 www.procounter.biz
O1 - Hosts: 127.0.0.4 advadmin.biz
O1 - Hosts: 127.0.0.4 www.advadmin.biz
O1 - Hosts: 127.0.0.4 trafficbest.net
O1 - Hosts: 127.0.0.4 www.trafficbest.net
O1 - Hosts: 127.0.0.4 besthvac.com
O1 - Hosts: 127.0.0.4 www.besthvac.com
O1 - Hosts: 127.0.0.4 traff4.com
O1 - Hosts: 127.0.0.4 www.traff4.com
O1 - Hosts: 127.0.0.4 ambush-script.com
O1 - Hosts: 127.0.0.4 www.ambush-script.com
O1 - Hosts: 127.0.0.4 beehappyy.biz
O1 - Hosts: 127.0.0.4 www.beehappyy.biz
O1 - Hosts: 127.0.0.4 tracktraff.cc
O1 - Hosts: 127.0.0.4 www.tracktraff.cc
O1 - Hosts: 127.0.0.4 allcount.net
O1 - Hosts: 127.0.0.4 www.allcount.net
O1 - Hosts: 127.0.0.4 onedayoffer.biz
O1 - Hosts: 127.0.0.4 www.onedayoffer.biz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\12 Software temp\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - (no file)
O2 - BHO: - {0eddccf0-2d80-4917-9000-eb43b37b1726} - C:\WINDOWS\System32\phxplbel.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programme\DNS\Catcher.dll
O2 - BHO: (no name) - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: - {360834e8-7d10-483d-8bc3-b62277299c65} - C:\WINDOWS\System32\phxz.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\12 Software temp\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashTEnhancer Ext - {D7E588AB-A5D9-4422-B313-22A3470F9700} - c:\Program Files\Ftk\ftk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [vqvan] C:\WINDOWS\System32\eukh\vqvan.exe
O4 - HKLM\..\Run: [qvbfflqj] C:\WINDOWS\System32\nruhwm\qvbfflqj.exe
O4 - HKLM\..\Run: [vcyuuqs] C:\WINDOWS\System32\xuvqteil\vcyuuqs.exe
O4 - HKLM\..\Run: [pcgcd] C:\WINDOWS\System32\spqt\pcgcd.exe
O4 - HKLM\..\Run: [nmyfdm] C:\WINDOWS\System32\ymjfv\nmyfdm.exe
O4 - HKLM\..\Run: [mfonmomx] C:\WINDOWS\System32\mxbapojv\mfonmomx.exe
O4 - HKLM\..\Run: [deyvq] C:\WINDOWS\System32\rtxb\deyvq.exe
O4 - HKLM\..\Run: [TVS_B] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [SrchfstUpdate] C:\WINDOWS\srchupdt.exe
O4 - HKLM\..\Run: [dpeoc5a1] C:\WINDOWS\System32\dpeoc5a1.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xcvegegp] C:\WINDOWS\System32\mvlfhpyo\xcvegegp.exe
O4 - HKLM\..\Run: [iTunesHelper] __C:\Programme\iTunes\iTunesHelper.exe__
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [xkxtgwed] C:\WINDOWS\System32\frls\xkxtgwed.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\bfgkj.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\System32\stb.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [snss Launcher] "C:\Programme\snss\snss.exe"
O4 - HKLM\..\Run: [SAHBundle] C:\DOKUME~1\ME09B9~1\LOKALE~1\Temp\kdsip.exe run
O4 - HKLM\..\Run: [qcskreov] C:\WINDOWS\System32\iexqon\qcskreov.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [opuywuo] C:\WINDOWS\System32\argmq\opuywuo.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programme\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [mqxom] C:\WINDOWS\System32\ikgplmfo\mqxom.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [hhmaxy] C:\WINDOWS\System32\jqwffi\hhmaxy.exe
O4 - HKLM\..\Run: [gwbn] C:\WINDOWS\System32\osai\gwbn.exe
O4 - HKLM\..\Run: [FtkCPY] "C:\Program Files\Common Files\Java\ftkcpy.exe"
O4 - HKLM\..\Run: [bwwqrona] C:\WINDOWS\System32\bnveswu\bwwqrona.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\12 Software temp\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Programme\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Programme\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\RunOnce: [tvs_re] C:\Program Files\Common Files\Java\tvs_re_inst.exe
O4 - HKCU\..\Run: [services32] C:\Programme\Gemeinsame Dateien\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [DNS] C:\Programme\Gemeinsame Dateien\mc-58-12-0000137.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\12 Software temp\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: LEO Englisch <-> Deutsch - C:\Programme\LEO-Ext-for-IE\DE_EN.htm
O8 - Extra context menu item: LEO Französisch <-> Deutsch - C:\Programme\LEO-Ext-for-IE\DE_FR.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://traffsale.biz/dl/adv645/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nesunel.mht!http://adextension.com/ext1/lca.chm::/bridge-c18.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - ms-its:mhtml:file://c:\nesunem.mht!http://adextension.com/ext1/mma.chm::/joysaver.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht!http://adextension.com/ext1/gca.chm::/0006_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADA5A45-C9EC-422F-B67F-4A4B49CED8CC}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6900777C-0174-4040-AC96-770773D97780}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AAB150D-46D2-497D-8BA7-E88C4B872144}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD91AC42-5B8E-497E-B713-53CC8520C070}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E05A4817-E1DD-484F-B6FD-6B9BE0233808}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ADA5A45-C9EC-422F-B67F-4A4B49CED8CC}: NameServer = 85.255.113.101,85.255.112.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{2ADA5A45-C9EC-422F-B67F-4A4B49CED8CC}: NameServer = 85.255.113.101,85.255.112.11

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Programme\Gemeinsame Dateien\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: mcfCC4 - C:\WINDOWS\SYSTEM32\mcfCC4.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q1848598.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: bwwqronabnveswu - Unknown owner - C:\WINDOWS\System32\bnveswu\bwwqrona.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: deyvqrtxb - Unknown owner - C:\WINDOWS\System32\rtxb\deyvq.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe
09.10.2005, 00:59
Honorary member
Thread starter

Posts: 29434
#4 There's no saving this one, and it's a record for me... I have never seen such an infested and badly maintained PC.
Please format immediately, and then post the new HijackThis log (but do the Windows updates first, because without them the PC will be infested again in no time).
__________
Regards, Sabina

all about PC security
09.10.2005, 03:21
...new here

Posts: 8
#5 Thanks for the help.
Is formatting the only option? Isn't there a stopgap solution?
09.10.2005, 10:17
Moderator

Posts: 7796
#6 There are always solutions, but in your case it is far too much effort; with a fresh install you are faster and your computer is really clean.
Please observe this while doing so: http://board.protecus.de/t13020.htm


Edit: That thing also installs a password-stealing and otherwise quite nosy Goldrun rootkit trojan on you, hxxp://traffsale.biz/dl/adv645/x.chm::/load.exe, so you need the whole reinstall package with all the info! ;)
__________
Regards, Ralf
SEO-Spam Hunter
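As an added example (not code from this thread or from HijackThis itself), a small Python triage of the log sections the helpers reacted to above: the F2 Shell= hijack, the 127.0.0.4 hosts redirects, the randomly named System32 autostarts, the ms-its: O16 entry and the changed O17 name servers. The sample lines are copied from the log posted in this thread; the DNS allowlist (192.168.0.0/16) and the list of known System32 subfolders are assumptions for the example.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "critical" or "suspicious"
    section: str   # HijackThis section tag, e.g. "O17"
    reason: str
    line: str


# Resolvers this machine is expected to use. Assumed for the example: a home
# router on 192.168.0.0/16; replace with the ISP's or the company's resolvers.
DEFAULT_DNS_ALLOW = [ipaddress.ip_network("192.168.0.0/16")]

# Subfolders of System32 that legitimately hold executables (assumed list);
# any other short, all-lowercase folder/file pair is treated as a random name.
KNOWN_SYSTEM32_SUBDIRS = {"wbem", "drivers", "spool", "dllcache"}
_RANDOM_NAME = re.compile(r"^[a-z]{4,10}$")

# Constructed sample: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: 127.0.0.4 counter.sexmaniack.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [vqvan] C:\WINDOWS\System32\eukh\vqvan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://traffsale.biz/dl/adv645/x.chm::/load.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ADA5A45-C9EC-422F-B67F-4A4B49CED8CC}: NameServer = 85.255.113.101,85.255.112.11
O20 - Winlogon Notify: style2 - C:\WINDOWS\q1848598.dll
O23 - Service: deyvqrtxb - Unknown owner - C:\WINDOWS\System32\rtxb\deyvq.exe
"""


def _system32_subdir_exe(text):
    """Return (folder, name) when text holds X:\\...\\System32\\<folder>\\<name>.exe."""
    m = re.search(r"\\system32\\([^\\]+)\\([^\\]+)\.exe\b", text, re.IGNORECASE)
    return (m.group(1), m.group(2)) if m else None


def _random_system32_autostart(text):
    hit = _system32_subdir_exe(text)
    if not hit:
        return False
    folder, name = hit
    return (folder.lower() not in KNOWN_SYSTEM32_SUBDIRS
            and bool(_RANDOM_NAME.match(folder)) and bool(_RANDOM_NAME.match(name)))


def _dns_allowed(addr, allow):
    try:
        return any(ipaddress.ip_address(addr.strip()) in net for net in allow)
    except ValueError:
        return False


def triage_line(line, dns_allow=DEFAULT_DNS_ALLOW):
    """Classify one HijackThis line; None means nothing caught the eye."""
    line = line.strip()
    m = re.match(r"^([FRO]\d+) - (.*)$", line)
    if not m:
        return None
    tag, body = m.groups()
    if tag == "F2" and "Shell=" in body:
        # system.ini Shell= should be exactly Explorer.exe; anything extra is a shell hijack
        if body.split("Shell=", 1)[1].strip().lower() != "explorer.exe":
            return Finding("critical", tag, "Shell= starts an extra program besides Explorer.exe", line)
    elif tag == "O1" and body.startswith("Hosts:") and len(body.split()) >= 3:
        target = body.split()[1]
        # ad-blocking hosts files use 127.0.0.1 or 0.0.0.0; other targets are redirects
        if target not in ("127.0.0.1", "0.0.0.0"):
            return Finding("suspicious", tag, f"hosts file maps a domain to {target}", line)
    elif tag == "O4" and _random_system32_autostart(body):
        return Finding("suspicious", tag, "autostart from a randomly named System32 subfolder", line)
    elif tag == "O7" and "DisableRegedit=1" in body:
        return Finding("suspicious", tag, "registry editor disabled by policy", line)
    elif tag == "O16" and ("ms-its:" in body.lower() or ".chm::" in body.lower()):
        return Finding("critical", tag, "DPF entry fetches a file through an ms-its:/CHM URL", line)
    elif tag == "O17" and "NameServer" in body:
        servers = body.split("=", 1)[1].split(",")
        bad = [s.strip() for s in servers if not _dns_allowed(s, dns_allow)]
        if bad:
            return Finding("critical", tag, "DNS servers changed to " + ", ".join(bad), line)
    elif tag == "O20":
        dll = body.rsplit(" - ", 1)[-1]
        # a Winlogon Notify DLL dropped directly into the Windows folder is unusual
        if re.match(r"^[a-z]:\\windows\\[^\\]+\.dll$", dll, re.IGNORECASE):
            return Finding("suspicious", tag, "Winlogon Notify DLL sits directly in the Windows folder", line)
    elif tag == "O23" and "Unknown owner" in body and _system32_subdir_exe(body):
        return Finding("suspicious", tag, "service with unknown owner runs from a System32 subfolder", line)
    return None


def triage(log_text, dns_allow=DEFAULT_DNS_ALLOW):
    """Run triage_line over a whole log and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw, dns_allow)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section:>3}: {f.reason}")
```

The rules are heuristics for a first pass over a posted log; a clean entry (such as the NAV Helper BHO or the ccApp autostart) produces no finding, and every hit still needs a human look.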
10.10.2005, 19:19
...new here

Posts: 8
#7 HELLO, THIS IS MY NEW LOGFILE AFTER FORMATTING! I HOPE IT'S VIRUS-FREE

Logfile of HijackThis v1.99.1
Scan saved at 12:15:44 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\DOCUME~1\me\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
11.10.2005, 00:08
Honorary member
Thread starter

Posts: 29434
#8 Wow... I'm thrilled ;) that's the kind of log I always want to see here ;)

windsdoorcleaner
http://virus-protect.org/windsdoorcleaner.html

Restricted user account
http://virus-protect.org/administrator.html

Be careful on the net, and always be suspicious... don't click on everything that blinks ;)
__________
Regards, Sabina

all about PC security
31.10.2005, 16:56
...new here

Posts: 8
#9 Hello,

can someone please check my logfile? I suspect something is fishy, because I'm getting pop-up windows again!

thanks


Logfile of HijackThis v1.99.1
Scan saved at 9:51:06 AM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\ISTsvc\istsvc.exe
E:\WINDOWS\nidwkag.exe
E:\Program Files\SurfAccuracy\SAcc.exe
E:\Program Files\Internet Optimizer\optimize.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\WINDOWS\system32\gearsec.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\DOCUME~1\me\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
E:\DOCUME~1\me\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - E:\WINDOWS\system32\qlink32.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - E:\Program Files\SideFind\sfbho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - E:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] __E:\Program Files\iTunes\iTunesHelper.exe__
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "E:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GMo2] E:\WINDOWS\nidwkag.exe
O4 - HKLM\..\Run: [SurfAccuracy] E:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] E:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Stickies] E:\Program Files\Stickies\Stickies.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = E:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Device Detector 2.lnk = E:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Getting Started with MacDrive 5.lnk = E:\Program Files\Mediafour\MacDrive5\MDGSTART.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://E:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - E:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MacDrive-iTunes compatibility - E:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - E:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
31.10.2005, 18:16
Honorary member
Thread starter
Sabina

Posts: 29434
#10 michael E

You really click on everything on the Internet that blinks... you need to be more careful... a shame about the nice, clean PC... ~~

Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem220.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - E:\WINDOWS\system32\qlink32.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - E:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - E:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GMo2] E:\WINDOWS\nidwkag.exe
O4 - HKLM\..\Run: [SurfAccuracy] E:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] E:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [Stickies] E:\Program Files\Stickies\Stickies.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\Program Files\SideFind\sidefind.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - E:\WINDOWS\system32\qlink32.dll

Restart the PC

CCleaner (delete all temporary files)
http://virus-protect.org/temp.html

Killbox
http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Say you want to delete a folder. You do not have to enter every file in the folder individually; instead, tick the option DelTree (include subdirectories).
This deletes the entire folder together with its subfolders.

E:\Program Files\SideFind
E:\Program Files\Internet Optimizer
E:\Program Files\SurfAccuracy
E:\Program Files\ISTsvc
E:\Program Files\YourSiteBar
E:\Program Files\Power Scan

Also delete:
E:\WINDOWS\system32\qlink32.dll
E:\WINDOWS\nidwkag.exe

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html

Scan with Panda
and post that scan report as well
http://virus-protect.org/onlinescan.html

CounterSpy
After the scan you have to choose between:
*Ignore
*Remove
*Quarantine
Always choose Remove and restart the PC (then copy the scan report and post it in the security forum)
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

all about PC security
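A triage script for HijackThis log lines, added here as an example (it is not part of the thread and not a HijackThis or virus-protect.org tool): it parses each R/O line into a record and turns the reasoning behind the fix list above into checks (backing file missing, a text/html MIME filter, a path under one of the directories named for Killbox, a file dropped straight into the Windows directory), then derives the directories to remove. The sample lines are a constructed subset of the log quoted in this post plus two benign entries; ADWARE_DIRS and the heuristics are assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: HijackThis lines quoted in the post above, plus two benign
# entries (Stickies, iPod Service) that the triage should leave alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - E:\Program Files\SideFind\sfbho.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - E:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GMo2] E:\WINDOWS\nidwkag.exe
O4 - HKCU\..\Run: [Stickies] E:\Program Files\Stickies\Stickies.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\Program Files\SideFind\sidefind.dll
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - E:\WINDOWS\system32\qlink32.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""

# Assumed list: the directories the helper told the user to remove with Killbox.
ADWARE_DIRS = {"sidefind", "internet optimizer", "surfaccuracy",
               "istsvc", "yoursitebar", "power scan"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"_?\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str            # "O2", "O4", "O18", ...
    kind: str               # "BHO", "HKLM\..\Run", "Filter", ...
    name: str               # display name, MIME type or Run value name
    clsid: Optional[str]    # COM class id, if the line carries one
    path: Optional[str]     # backing file, if any
    file_missing: bool      # HijackThis printed "(file missing)" or "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; non-entry lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.group("section"), m.group("kind"), m.group("rest")
    file_missing = any(marker in rest for marker in MISSING_MARKERS)
    for marker in MISSING_MARKERS:
        rest = rest.replace(marker, "")
    rest = rest.strip(" -")           # drop the separator a removed "(no file)" leaves behind
    if section == "O4":               # Run keys look like "[ValueName] command line"
        rm = RUN_RE.match(rest)
        if not rm:
            return None
        cmd = rm.group("cmd")         # keep only the executable of a quoted command line
        path = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') and cmd.count('"') > 1 else cmd
        return Entry(section, kind, rm.group("name"), None, path, file_missing)
    parts = [p.strip() for p in rest.split(" - ")]
    clsid = path = None
    for part in parts[1:]:
        if CLSID_RE.fullmatch(part):
            clsid = part.lstrip("_")  # HijackThis marks a disabled hook with a leading "_"
        elif ":\\" in part:
            path = part
    return Entry(section, kind, parts[0], clsid, path, file_missing)


def triage(entry: Entry) -> list[str]:
    """Heuristics mirroring the helper's reasoning; an empty list means 'looks benign'."""
    reasons = []
    if entry.file_missing:
        reasons.append("referenced file is missing: orphaned hook, remove the entry")
    if entry.section == "O18" and entry.name.lower() == "text/html":
        reasons.append("MIME filter for text/html: the DLL sees every page IE renders")
    if entry.path:
        comps = entry.path.split("\\")
        hits = sorted({c.lower() for c in comps} & ADWARE_DIRS)
        if hits:
            reasons.append(f"path under known adware directory {hits[0]!r}")
        # Legitimate installers rarely drop files straight into %WINDIR%; assumes <drive>:\WINDOWS.
        if len(comps) == 3 and comps[1].lower() == "windows":
            reasons.append("file sits directly in the Windows directory, not a subfolder")
    return reasons


def triage_log(text: str) -> list[tuple[Entry, list[str]]]:
    """Return the entries that tripped at least one heuristic, in log order."""
    pairs = ((e, triage(e)) for e in map(parse_line, text.splitlines()) if e)
    return [(e, r) for e, r in pairs if r]


def removal_dirs(entries: list[Entry]) -> list[str]:
    """Collapse flagged paths to the adware directory that should go (cf. the Killbox list)."""
    dirs = set()
    for entry in entries:
        comps = (entry.path or "").split("\\")
        for i, comp in enumerate(comps):
            if comp.lower() in ADWARE_DIRS:
                dirs.add("\\".join(comps[: i + 1]))
                break
    return sorted(dirs)


if __name__ == "__main__":
    flagged = triage_log(SAMPLE_LOG)
    for entry, reasons in flagged:
        print(entry.section, entry.name, entry.path, "->", "; ".join(reasons))
    print("Directories to remove:", removal_dirs([e for e, _ in flagged]))
```

The heuristics are a starting point for review, not a verdict: a benign entry can land in a directory with an unlucky name, so each hit still gets checked against the scan reports before it is fixed.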
01.11.2005, 16:46
...new here

Posts: 8
#11 Thanks for the help, I have eliminated the blinking mouse.
I am currently setting up a second account for surfing and e-mail.
I am installing Thunderbird.

Despite a firewall and pop-up blocker I keep getting unwanted pop-up windows. Is there a remedy?
01.11.2005, 20:01
Honorary member
Thread starter
Sabina

Posts: 29434
#12 Have you actually worked through what I wrote first????
I do not see a CounterSpy log, however hard I rub my eyes......
__________
Kind regards, Sabina

all about PC security
03.11.2005, 22:04
...new here

Posts: 8
#13 Hello, here are the scan details.
Otherwise I use Norton AntiVirus for scanning.

Please advise on the communication problem on the limited account.
Thanks


Spyware Scan Details
Start Date: 11/3/2005 10:25:32 AM
End Date: 11/3/2005 11:23:37 AM
Total Time: 58 mins 5 secs

Detected spyware

AvenueMedia.DyFuCA Browser Plug-in more information...
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Deleted

Infected files detected
e:\program files\internet optimizer\optimize.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 BHObj Class
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\TypeLib {40B1D454-9CA4-43CC-86AA-CB175EAC52FB}
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{1c01d150-91a4-4de0-9bf8-a35d1bdf1001} IBHObj
HKEY_CLASSES_ROOT\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}
HKEY_CLASSES_ROOT\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\1.0\0\win32 E:\WINDOWS\nem220.dll
HKEY_CLASSES_ROOT\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\1.0\HELPDIR E:\WINDOWS\
HKEY_CLASSES_ROOT\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\1.0 DyFuCA_BH 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 TimeStamp 20041116000000
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper ModuleFileName E:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Options 1,URL Search Optimization,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 TimeStamp 20041116000000
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper ModuleFileName E:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Options 1,URL Search Optimization,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TargetDir
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TAC Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer CLS wsi12
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RID c01
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Version 3.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ServerVisited 29744704,2878899616
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer UpdateInterval 21600
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ID 1-1598a6e1042bbba7665963b0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer InstallT 1130693281
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer remember[LLT] 1130693281
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Conn 356,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 403 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 404 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 410 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 500 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer PendingRemoval
HKEY_LOCAL_MACHINE\software\avenue media
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper\cf1 RawData
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper\cf1 Data
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper\cf1 TimeStamp 20041116000000
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper\cf1 Version 2.2.0
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper Version 2.2.0
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper ModuleFileName E:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Browser Helper Options 1,URL Search Optimization,1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TargetDir
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TAC Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer CLS wsi12
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer RID c01
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Version 3.1.5
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ServerVisited 29744704,2878899616
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer UpdateInterval 21600
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ID 1-1598a6e1042bbba7665963b0
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer InstallT 1130693281
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer remember[LLT] 1130693281
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Conn 356,1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 403 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 404 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 410 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 500 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer PendingRemoval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer DisplayIcon E:\Program Files\Internet Optimizer\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer DisplayName Internet Optimizer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer UninstallString "E:\Program Files\Internet Optimizer\optimize.exe" /u
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dyfuca
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CurVer DyFuCA_BH.BHObj.1
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj BHObj Class
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout Comment
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout DComment YES
HKEY_CURRENT_USER\Software\Policies\Avenue Media
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt


IST.ISTbar Browser Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a users consent using an Internet Explorer toolbar.
Status: Deleted

Infected files detected
e:\program files\istsvc\istsvc.exe
e:\documents and settings\me\start menu\programs\power scan\power scan.lnk
e:\program files\sidefind\sfbho.dll
e:\program files\sidefind\sfexd001
e:\program files\sidefind\sidefind.dll
e:\program files\sidefind\update\sidefind.exe
e:\program files\power scan\powerscan.exe
e:\program files\power scan\uninstall.exe

Infected registry entries detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 2
HKEY_CURRENT_USER\software\ist InstallDate 2005-10-30 19:26:04
HKEY_CURRENT_USER\software\ist account_id 1003918
HKEY_CURRENT_USER\software\ist config ysb_m3
HKEY_CURRENT_USER\software\ist Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istsvc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istsvc DisplayName ISTsvc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istsvc UninstallString E:\PROGRAM FILES\ISTSVC\ISTSVC.EXE /remove
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\istsvc NoModify 1
HKEY_CURRENT_USER\Software\Avenue Media
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 TimeStamp 20041116000000
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper ModuleFileName E:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper Options 1,URL Search Optimization,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TargetDir
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TAC Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer CLS wsi12
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RID c01
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Version 3.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ServerVisited 29744704,2878899616
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer UpdateInterval 21600
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ID 1-1598a6e1042bbba7665963b0
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer InstallT 1130693281
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer remember[LLT] 1130693281
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Conn 356,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 403 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 404 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 410 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 500 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer PendingRemoval
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 TimeStamp 20041116000000
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 Version 2.2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc DisplayName ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc UninstallString E:\PROGRAM FILES\ISTSVC\ISTSVC.EXE /remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc NoModify 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer DisplayIcon E:\Program Files\Internet Optimizer\optimize.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer DisplayName Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer UninstallString "E:\Program Files\Internet Optimizer\optimize.exe" /u
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\0\win32 E:\WINDOWS\nem220.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0\HELPDIR E:\WINDOWS\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB}\1.0 DyFuCA_BH 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer DyFuCA_BH.BHObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj BHObj Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1\CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 BHObj Class
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127751751664796192 1201|86400
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127751841667914320 1202|259200
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127752165275103728 1227|2678400
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127752544110747696 1216|86400
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127752653027411552 1206|86400
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc version 1024
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc app_name istsvc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc ui F2CBADC8-7DDE-47ad-8838-706927B4E00A
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_initial_delay 600
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_count 5
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_day_count 2
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_day_limit 4
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_count 0
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_version 1024
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_count 3
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc account_id 1003918
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc app_date
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_interval 9000
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_last
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_interval 86400
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_last
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_interval 432000
HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_last


IST.PowerScan Adware more information...
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Deleted

Infected files detected
e:\documents and settings\me\start menu\programs\power scan\power scan.lnk
e:\program files\power scan\powerscan.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 2
HKEY_CURRENT_USER\software\ist InstallDate 2005-10-30 19:26:04
HKEY_CURRENT_USER\software\ist account_id 1003918
HKEY_CURRENT_USER\software\ist config ysb_m3
HKEY_CURRENT_USER\software\ist Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^


IST.SideFind Adware more information...
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Deleted

Infected files detected
e:\program files\sidefind\update\sidefind.exe
e:\program files\sidefind\sfbho.dll
e:\program files\sidefind\sfexd001
e:\program files\sidefind\sidefind.dll
E:\Program Files\Power Scan\powerscan.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer BrowserHelperObject.BAHelper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper BAHelper Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 E:\Program Files\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID SideFind.Finder.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID SideFind.Finder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind
HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder
HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder\CLSID {8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder\CurVer SideFind.Finder.1
HKEY_LOCAL_MACHINE\Software\Classes\SideFind.Finder SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind\History 0 online poker
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind\History 1 adult dating
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind account_id 106
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathBHO E:\Program Files\SideFind\sfbho.dll
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathDLL E:\Program Files\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathXML E:\Program Files\SideFind\sfexd001
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind PathEXE E:\Program Files\Sidefind\update\sidefind.exe
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind InstallDate 2005-10-30 19:26:38
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind SearchSite http://www.sidefind.com/results.php?target=_external&
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind update 1130959599
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind ver 1.3
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind IntervalBetweenShows 240
HKEY_LOCAL_MACHINE\SOFTWARE\SideFind show 1
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671}
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} IFinder
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671}
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} IFinder
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {10e42047-deb9-4535-a118-b3f6ec39b807}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 E:\Program Files\SideFind\sidefind.dll
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\ProgID SideFind.Finder.1
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671}
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\VersionIndependentProgID SideFind.Finder
HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind DisplayName SideFind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind UninstallString "E:\Program Files\Sidefind\update\sidefind.exe" /remove
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1\CLSID {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 BAHelper Class
HKEY_CLASSES_ROOT\SideFind.Finder.1
HKEY_CLASSES_ROOT\SideFind.Finder.1\CLSID {8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_CLASSES_ROOT\SideFind.Finder.1 SideFind
HKEY_CLASSES_ROOT\SideFind.Finder
HKEY_CLASSES_ROOT\SideFind.Finder\CLSID {8CBA1B49-8144-4721-A7B1-64C578C9EED7}
HKEY_CLASSES_ROOT\SideFind.Finder\CurVer SideFind.Finder.1
HKEY_CLASSES_ROOT\SideFind.Finder SideFind
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper.1
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper.1\CLSID {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper.1 BAHelper Class
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper\CLSID {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper\CurVer BrowserHelperObject.BAHelper.1
HKEY_CLASSES_ROOT\BrowserHelperObject.BAHelper BAHelper Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind shoppingautosearch true
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind webautosearch true


YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware threats, is an affiliate-based marketing toolbar.
Status: Deleted

Infected files detected
e:\program files\yoursitebar\imagemap_normal.bmp
e:\program files\yoursitebar\imagemap_over.bmp
e:\program files\yoursitebar\version.txt
e:\program files\yoursitebar\yoursitebar.xml
e:\program files\yoursitebar\ysb.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\YourSiteBar
HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles E:\Program Files\YourSiteBar\yoursitebar.xml 1
HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles E:\Program Files\YourSiteBar\imagemap_normal.bmp 1
HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles E:\Program Files\YourSiteBar\imagemap_over.bmp 1
HKEY_LOCAL_MACHINE\Software\YourSiteBar\Historyfiles E:\Program Files\YourSiteBar\version.txt 1
HKEY_LOCAL_MACHINE\Software\YourSiteBar installTitle YourSiteBar
HKEY_LOCAL_MACHINE\Software\YourSiteBar serverpath http://cache.ysbweb.com/ysb/xml/1003918/
HKEY_LOCAL_MACHINE\Software\YourSiteBar urlAfterInstall http://www.ysbweb.com/install/welcome.html
HKEY_LOCAL_MACHINE\Software\YourSiteBar gUpdate 0
HKEY_LOCAL_MACHINE\Software\YourSiteBar TBRowMode 0
HKEY_LOCAL_MACHINE\Software\YourSiteBar yoursitebar.xml -481029006
HKEY_LOCAL_MACHINE\Software\YourSiteBar imagemap_normal.bmp -1489920536
HKEY_LOCAL_MACHINE\Software\YourSiteBar imagemap_over.bmp -1489920536
HKEY_LOCAL_MACHINE\Software\YourSiteBar showcorrupted 1
HKEY_LOCAL_MACHINE\Software\YourSiteBar updatever
HKEY_LOCAL_MACHINE\Software\YourSiteBar refreshscope 1440
HKEY_LOCAL_MACHINE\Software\YourSiteBar allowupdate 0
HKEY_LOCAL_MACHINE\Software\YourSiteBar LastCheckTime 1130791704
HKEY_LOCAL_MACHINE\Software\YourSiteBar version.txt -186917087
HKEY_LOCAL_MACHINE\Software\YourSiteBar UpdateBegin 0
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar DisplayName YourSiteBar
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar UninstallString regsvr32 /u /s "E:\Program Files\YourSiteBar\ysb.dll"
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar Publisher Integrated Seach Technologies
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\YourSiteBar HelpLink http://www.ysbweb.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar DisplayName YourSiteBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar UninstallString regsvr32 /u /s "E:\Program Files\YourSiteBar\ysb.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar Publisher Integrated Seach Technologies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar URLInfoAbout http://www.ysbweb.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar HelpLink http://www.ysbweb.com
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ProgID Ysb.YsbObj.1
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\TypeLib {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\VersionIndependentProgID Ysb.YsbObj
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ProgID Ysb.YsbObj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\TypeLib {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\VersionIndependentProgID Ysb.YsbObj
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8} IYsbObj
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib {4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542} IContextItem
HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}
HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR E:\Program Files\YourSiteBar\
HKEY_LOCAL_MACHINE\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj\CurVer Ysb.YsbObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj YourSiteBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysb.YsbObj.1 YourSiteBar
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\0\win32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0\HELPDIR E:\Program Files\YourSiteBar\
HKEY_CLASSES_ROOT\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\1.0 Ysb 1.0 Type Library
HKEY_CLASSES_ROOT\Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar
HKEY_CLASSES_ROOT\Ysb.YsbObj
HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar
HKEY_CLASSES_ROOT\Ysb.YsbObj
HKEY_CLASSES_ROOT\Ysb.YsbObj\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj\CurVer Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj YourSiteBar
HKEY_CLASSES_ROOT\Ysb.YsbObj.1
HKEY_CLASSES_ROOT\Ysb.YsbObj.1\CLSID {86227D9C-0EFE-4f8a-AA55-30386A3F5686}
HKEY_CLASSES_ROOT\Ysb.YsbObj.1 YourSiteBar


SurfAccuracy Adware more information...
Status: Deleted

Infected files detected
e:\program files\surfaccuracy\license.lnk
e:\program files\surfaccuracy\sacc.cfg
e:\program files\surfaccuracy\sacc.exe
e:\program files\surfaccuracy\saccu.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\Software\SAcc
HKEY_LOCAL_MACHINE\Software\SAcc accid 104
HKEY_LOCAL_MACHINE\Software\SAcc subaccid 1003918
HKEY_LOCAL_MACHINE\Software\SAcc Version 1116
HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1130700372
HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 2
HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1130909094
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc DisplayName Surf Accuracy
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\SAcc UninstallString E:\Program Files\SurfAccuracy\SAccU.exe


Adw.SearchFast.Toolbar Browser Hijacker and Toolbar more information...
Details: The Adw.SearchFast.Toolbar is an IE toolbar and uses a BHO which hijacks the error page.
Status: Deleted

Infected files detected
e:\program files\quick links\uninst.exe
e:\program files\quick links\uninst.log
e:\windows\system32\preuninstallql.exe
e:\windows\system32\qldf.bin

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\TypeLib {423550E9-2F83-4678-9929-C1774088B180}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4162D910-6167-42E7-91AE-6A522C4121D2} ILinkTracker
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker\CLSID {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker LinkTracker Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1\CLSID {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.LinkTracker.1 LinkTracker Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1\CLSID {3551784B-E99A-474f-B782-3EC814442918}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter.1 QuickLinksFilter Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter\CLSID {3551784B-E99A-474f-B782-3EC814442918}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickLinks.QuickLinksFilter QuickLinksFilter Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links UninstallString E:\Program Files\Quick Links\Uninst.exe -s E:\Program Files\Quick Links\Uninst.log
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links DisplayName Quick Links


QuickLinks Monitoring Software more information...
Details: QuickLinks is Adware that redirects your searches to affiliate sites and may monitor your search terms.
Status: Deleted

Infected files detected
e:\program files\quick links\uninst.exe
e:\program files\quick links\uninst.log
E:\WINDOWS\system32\PreUninstallQL.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 ThreadingModel both
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\KeyPhrasesFileName qldf.bin
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\ProgID QuickLinks.QuickLinksFilter.1
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\VersionIndependentProgID QuickLinks.QuickLinksFilter
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918} QuickLinksFilter Class
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1\CLSID {3551784B-E99A-474f-B782-3EC814442918}
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter.1 QuickLinksFilter Class
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links UninstallString E:\Program Files\Quick Links\Uninst.exe -s E:\Program Files\Quick Links\Uninst.log
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Quick Links DisplayName Quick Links
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter\CLSID {3551784B-E99A-474f-B782-3EC814442918}
HKEY_CLASSES_ROOT\QuickLinks.QuickLinksFilter QuickLinksFilter Class
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 ThreadingModel both
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\KeyPhrasesFileName qldf.bin
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\ProgID QuickLinks.QuickLinksFilter.1
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\VersionIndependentProgID QuickLinks.QuickLinksFilter
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918} QuickLinksFilter Class
HKEY_LOCAL_MACHINE\SOFTWARE\QL
HKEY_LOCAL_MACHINE\SOFTWARE\QL st 1
HKEY_LOCAL_MACHINE\SOFTWARE\QL si 19903
HKEY_LOCAL_MACHINE\SOFTWARE\QL ia 1
HKEY_LOCAL_MACHINE\SOFTWARE\QL im 14


Unclassified.Spyware.57 Spyware more information...
Status: Deleted

Infected files detected
E:\RECYCLER\S-1-5-21-2052111302-492894223-839522115-1003\De31.exe


Xrenoder Browser Plug-in more information...
Details: Xrenoder is a multi-faceted Trojan. It is an Internet Explorer toolbar, homepage and search hijacker which resets your browser's home page and search settings to point to other affiliate sites. Xrenoder also displays pornographic popup ads.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\istsvc
HKEY_LOCAL_MACHINE\software\istsvc\history 127751751664796192 1201|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127751841667914320 1202|259200
HKEY_LOCAL_MACHINE\software\istsvc\history 127752165275103728 1227|2678400
HKEY_LOCAL_MACHINE\software\istsvc\history 127752544110747696 1216|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127752653027411552 1206|86400
HKEY_LOCAL_MACHINE\software\istsvc version 1024
HKEY_LOCAL_MACHINE\software\istsvc app_name istsvc.exe
HKEY_LOCAL_MACHINE\software\istsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php
HKEY_LOCAL_MACHINE\software\istsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe
HKEY_LOCAL_MACHINE\software\istsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php
HKEY_LOCAL_MACHINE\software\istsvc ui F2CBADC8-7DDE-47ad-8838-706927B4E00A
HKEY_LOCAL_MACHINE\software\istsvc popup_initial_delay 600
HKEY_LOCAL_MACHINE\software\istsvc popup_count 5
HKEY_LOCAL_MACHINE\software\istsvc popup_day_count 2
HKEY_LOCAL_MACHINE\software\istsvc popup_day_limit 4
HKEY_LOCAL_MACHINE\software\istsvc update_count 0
HKEY_LOCAL_MACHINE\software\istsvc update_version 1024
HKEY_LOCAL_MACHINE\software\istsvc config_count 3
HKEY_LOCAL_MACHINE\software\istsvc account_id 1003918
HKEY_LOCAL_MACHINE\software\istsvc app_date
HKEY_LOCAL_MACHINE\software\istsvc popup_interval 9000
HKEY_LOCAL_MACHINE\software\istsvc popup_last
HKEY_LOCAL_MACHINE\software\istsvc update_interval 86400
HKEY_LOCAL_MACHINE\software\istsvc update_last
HKEY_LOCAL_MACHINE\software\istsvc config_interval 432000
HKEY_LOCAL_MACHINE\software\istsvc config_last


Internet Optimizer Browser Hijacker more information...
Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.
Status: Deleted

Infected files detected
E:\Program Files\SideFind\sidefind.dll

Infected registry entries detected
HKEY_CURRENT_USER\software\avenue media
HKEY_LOCAL_MACHINE\software\policies\avenue media
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 E:\Program Files\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distribute on sites. Affiliates get paid per install of the toolbar.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTsvc Changed 0
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST exe_start 2
HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-30 19:26:04
HKEY_CURRENT_USER\Software\IST account_id 1003918
HKEY_CURRENT_USER\Software\IST config ysb_m3
HKEY_CURRENT_USER\Software\IST Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^


IST.XXXToolbar Toolbar more information...
Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted

Infected files detected
E:\Program Files\SideFind\sfbho.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc DisplayName ISTsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc UninstallString E:\PROGRAM FILES\ISTSVC\ISTSVC.EXE /remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc NoModify 1
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST exe_start 2
HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-30 19:26:04
HKEY_CURRENT_USER\Software\IST account_id 1003918
HKEY_CURRENT_USER\Software\IST config ysb_m3
HKEY_CURRENT_USER\Software\IST Recover !ZpHc+ r/˨Y09c;}ˉ؈F1 NjL9ƍ,&^
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 E:\Program Files\SideFind\sfbho.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR E:\Program Files\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library
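The report above runs to hundreds of lines mostly because of duplication: HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes (and HKCU\Software\Classes), so every COM registration of a spyware DLL is listed once under each root, and the same CLSID key reappears with different letter case. The script below is an added example, not part of the original thread or of any vendor tool; it parses a report in this format, folds the HKCR/HKLM duplicates together and reduces each threat to what a cleanup actually has to deal with: the binaries it loads (InprocServer32 DLLs, type-library DLLs, uninstaller EXEs) and the CLSIDs those DLLs are registered under. SAMPLE_REPORT is constructed from lines in the posted report; the function and field names are this example's own.

```python
"""Triage a Spy Sweeper-style scan report like the one posted above.

Added example, not from the original post or any vendor tool.  The parser
folds HKEY_CLASSES_ROOT entries onto HKLM\\Software\\Classes (HKCR is the
merged view of that key and HKCU\\Software\\Classes), lowercases everything so
case variants of one CLSID key compare equal, and collects the binaries and
CLSIDs per threat.  SAMPLE_REPORT is constructed from lines in the report.
"""
import re

SAMPLE_REPORT = r"""
YourSiteBar Spyware more information...
Status: Deleted

Infected files detected
e:\program files\yoursitebar\ysb.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\InprocServer32 E:\Program Files\YourSiteBar\ysb.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar UninstallString regsvr32 /u /s "E:\Program Files\YourSiteBar\ysb.dll"


QuickLinks Monitoring Software more information...
Status: Deleted

Infected files detected
E:\WINDOWS\system32\PreUninstallQL.exe

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll
HKEY_CLASSES_ROOT\CLSID\{3551784B-E99A-474f-B782-3EC814442918}\InprocServer32 E:\WINDOWS\system32\qlink32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quick Links UninstallString E:\Program Files\Quick Links\Uninst.exe -s E:\Program Files\Quick Links\Uninst.log
"""

THREAT_RE = re.compile(r"^(?P<name>.+?) more information\.\.\.$")
# A module path: drive letter, then the shortest run up to a .dll/.exe extension.
# Non-greedy, so "Uninst.exe -s ...\Uninst.log" yields only the EXE.
MODULE_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.IGNORECASE)
# CLSID -> in-process server DLL, matched against the canonicalised (lowercase) line.
INPROC_RE = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32 (.+?\.dll)\b")


def canonical_registry_line(line):
    """Lowercase the entry and map HKCR onto HKLM\\Software\\Classes so the two
    views of one COM registration compare equal."""
    canon = line.strip().lower()
    prefix = "hkey_classes_root\\"
    if canon.startswith(prefix):
        canon = "hkey_local_machine\\software\\classes\\" + canon[len(prefix):]
    return canon


def parse_report(text):
    """Return {threat name: {status, files, registry, raw_registry_lines,
    modules, com_servers}} for every threat block in the report."""
    threats = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = THREAT_RE.match(line)
        if header:
            current = threats.setdefault(header.group("name"), {
                "status": None, "files": set(), "registry": set(),
                "raw_registry_lines": 0, "modules": set(), "com_servers": {}})
            continue
        if current is None:
            continue                      # text before the first threat block
        if line.startswith("Status:"):
            current["status"] = line.split(":", 1)[1].strip()
        elif line.upper().startswith("HKEY_"):
            current["raw_registry_lines"] += 1
            canon = canonical_registry_line(line)
            current["registry"].add(canon)
            hit = INPROC_RE.search(canon)
            if hit:
                current["com_servers"][hit.group(1)] = hit.group(2)
        elif re.match(r"^[a-z]:\\", line, re.IGNORECASE):
            current["files"].add(line.lower())
        # Any line may carry a binary path: file list, InprocServer32, UninstallString.
        for path in MODULE_RE.findall(line):
            current["modules"].add(path.lower())
    return threats


def cleanup_plan(threats):
    """One (threat, status, sorted modules, sorted CLSIDs) row per threat: the
    binaries to unregister/delete and the CLSID keys that must go."""
    return [(name, t["status"], sorted(t["modules"]), sorted(t["com_servers"]))
            for name, t in threats.items()]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for name, status, modules, clsids in cleanup_plan(report):
        t = report[name]
        print(f"{name} [{status}]: {t['raw_registry_lines']} registry lines, "
              f"{len(t['registry'])} distinct after folding HKCR into HKLM\\Software\\Classes")
        for mod in modules:
            print("   module:", mod)
        for clsid in clsids:
            print("   COM server:", clsid, "->", t["com_servers"][clsid])
```

The point of the folding is practical: when checking a cleanup by hand, deleting a CLSID key under HKEY_CLASSES_ROOT and under HKLM\Software\Classes is the same deletion, and what keeps a BHO alive is the DLL still on disk plus its CLSID under the Browser Helper Objects key, not the number of lines the scanner printed.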
04.11.2005, 01:29
Honorary member
Thread starter
Sabina

Posts: 29434
#14 I don't understand how anyone can download so much junk... don't you notice it?????

Once the PC is clean, everything else should work again as well.

Scan with ewido and post the scan report
http://virus-protect.org/ewido.html

Scan with Panda and post that scan report too
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
09.11.2005, 21:50
...new here

Posts: 8
#15 I have a firewall,
the Windows pop-up blocker,
and I scan regularly.

Still, "things" keep sneaking in. I think PCs simply can't be 100% sealed.

Why should I scan with all these scanners, EWIDO, PANDA? I have Norton, after all!

Thanks for every tip!

michael