Trustcleaner Problem
Thread is closed!

#0
23.09.2006, 15:59
Honorary member
Posts: 29434
23.09.2006, 18:03
Member
Posts: 14
#17
OK, here is the autoruns.txt:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Acrobat Assistant 7.0 AcroTray (Not verified) Adobe Systems Inc. f:\grafik\adobe\cs2\acrobat cs2\distillr\acrotray.exe
+ Ad-watch Ad-watch Monitor (Not verified) Lavasoft Sweden f:\toolz\security\adaware\ad-aware 6\ad-watch.exe
+ Adobe Version Cue CS2 Adobe Version Cue CS2 (Not verified) Adobe Sytems Incorporated f:\grafik\adobe\cs2\version cue cs2\controlpanel\versioncuecs2tray.exe
+ Advanced Tools Check Norton AntiVirus Advanced Tools Integrity Checker (Verified) Symantec Corporation f:\toolz\security\norton av\advtools\advchk.exe
+ ccApp Common Client User Session (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\ccapp.exe
+ HydraVisionDesktopManager HydraDM (Not verified) ATI Technologies Inc. c:\programme\ati technologies\ati hydravision\hydradm.exe
+ iTunesHelper File not found: F:\toolz\media\itunes\iTunesHelper.exe
+ LogitechCameraAssistant Logitech Camera Assistant (Not verified) Logitech Inc. c:\programme\logitech\video\cameraassistant.exe
+ LogitechCameraService(E) Logitech Camera Service(E) (Not verified) Logitech Inc. c:\windows\system32\elkctrl.exe
+ LogitechVideo[inspector] Install Helper (Not verified) Logitech Inc. c:\programme\logitech\video\installhelper.exe
+ LVCOMSX LVCom Server (Not verified) Logitech Inc. c:\windows\system32\lvcomsx.exe
+ NeroCheck NeroCheck (Not verified) Ahead Software Gmbh c:\windows\system32\nerocheck.exe
+ PMXInit Card enumeration module (Not verified) Imagination Technologies Ltd. c:\windows\system32\pmxinit.exe
+ QuickTime Task File not found: C:\haroon\toolz\media\quicktime\qttask.exe
+ Zone Labs Client File not found: C:\Haroon\toolz\security\ZONEAL~1\zlclient.exe
+ {0228e555-4f9c-4e35-a3ec-b109a192b4c2} Gmail Notifier (Not verified) Google Inc. f:\toolz\media\browser\gmail notifier\gnotify.exe

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
+ Adobe Acrobat Speed Launcher.lnk c:\windows\installer\{ac76ba86-1033-f400-7760-000000000002}\sc_acrobat.exe
+ Adobe Gamma.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\programme\gemeinsame dateien\adobe\calibration\adobe gamma loader.exe
+ Adobe Reader - Schnellstart.lnk Adobe Acrobat SpeedLauncher (Not verified) Adobe Systems Incorporated f:\toolz\acrobat reader\reader\reader_sl.exe
+ D-Link AirPlus G+ Wireless Adapter Utility.lnk D-Link AirPlus G+ Wireless Adapter Utility (Not verified) D-Link f:\treiber\wlankarte\dwlgti.exe
+ Logitech SetPoint.lnk Logitech SetPoint Event Manager (UNICODE) (Not verified) Logitech Inc. f:\treiber\maus\setpoint\setpoint.exe

C:\Dokumente und Einstellungen\Haroon\Startmenü\Programme\Autostart
+ Adobe Gamma.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\programme\gemeinsame dateien\adobe\calibration\adobe gamma loader.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ LogitechSoftwareUpdate Logitech Software Update (Not verified) Logitech Inc. c:\programme\logitech\video\manifestengine.exe
+ Trust Cleaner File not found: C:\Programme\Trust Cleaner\Trust Cleaner.exe
+ updateMgr Adobe Update Manager (Not verified) Adobe Systems Incorporated f:\grafik\adobe\cs2\acrobat cs2\acrobat\adobeupdatemanager.exe

HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler
+ cdo Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\programme\gemeinsame dateien\microsoft shared\web folders\pkmcdo.dll
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\programme\msn messenger\msgrapp.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Adobe.Acrobat.ContextMenu Adobe Acrobat Context Menu (Not verified) Adobe Systems Inc. f:\grafik\adobe\cs2\acrobat cs2\acrobat elements\contextmenu.dll
+ CPL-Erweiterung für Anzeigeverschiebung File not found: deskpan.dll
+ CuteFTP Shell Extension (Not verified) GlobalSCAPE, Inc. f:\toolz\entwicklung\ftp\cuteftp\cuteshell.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ iTunes iTunes Mini Player DLL (Not verified) Apple Computer, Inc. c:\programme\itunes\itunesminiplayer.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. f:\toolz\media\realplayer\rpshell.dll
+ Web Folders Microsoft Web Folders (Not verified) Microsoft Corporation c:\programme\gemeinsame dateien\microsoft shared\web folders\msonsext.dll
+ WinRAR shell extension f:\toolz\winrar 3.0 with key gen\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. f:\grafik\adobe\cs2\acrobat cs2\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX (Verified) Adobe Systems, Incorporated f:\grafik\adobe\cs2\acrobat cs2\activex\acroiehelper.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Sothink SWF Catcher c:\programme\gemeinsame dateien\sourcetec\swf catcher\internetexplorer.htm

HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller File not found: C:\WINDOWS\System32\Ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ Automatic LiveUpdate Scheduler Manages the scheduling of Automatic LiveUpdate sessions (Verified) Symantec Corporation c:\programme\symantec\liveupdate\aluschedulersvc.exe
+ C-DillaCdaC11BA Macrovision RTS Service (Not verified) Macrovision c:\windows\system32\drivers\cdac11ba.exe
+ C-DillaSrv C-Dilla RTS Service (Not verified) C-Dilla Ltd c:\windows\system32\drivers\cdantsrv.exe
+ ccEvtMgr Symantec Event Manager (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\ccevtmgr.exe
+ ccSetMgr Symantec Settings Manager (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\ccsetmgr.exe
+ LVPrcSrv Webcam Effects Helper. (Not verified) Logitech Inc. c:\programme\gemeinsame dateien\logitech\lvmvfm\lvprcsrv.exe
+ maya70docserver Searchable online docs for Alias software c:\programme\alias\maya7.0\docs\wrapper.exe
+ MySql File not found: F:/toolz/Entwicklung/MySQL/bin/mysqld-nt.exe
+ navapsvc Handles Norton AntiVirus Auto-Protect events. (Verified) Symantec Corporation f:\toolz\security\norton av\navapsvc.exe
+ NProtectService File not found: C:\Haroon\toolz\security\Norton Av\AdvTools\NPROTECT.EXE
+ SBService ScriptBlocking registration (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\script blocking\sbserv.exe
+ StyleXPService StyleXPService Module c:\programme\tgtsoft\stylexp\stylexpservice.exe
+ Symantec Core LC Symantec Core LC (Not verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\ccpd-lc\symlcsvc.exe
+ SymWSC Symantec WMI Service (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\security center\symwsc.exe

HKLM\System\CurrentControlSet\Services
+ ALCXWDM File not found: system32\drivers\ALCXWDM.SYS
+ C-Dilla C-Dilla Windows NT RTS (Not verified) Macrovision c:\windows\system32\drivers\cdant.sys
+ CdaC15BA Macrovision SECURITY Driver (Not verified) Macrovision Europe Ltd c:\windows\system32\drivers\cdac15ba.sys
+ d347bus PnP BIOS Extension (Not verified) c:\windows\system32\drivers\d347bus.sys
+ d347prt SCSI miniport (Not verified) c:\windows\system32\drivers\d347prt.sys
+ DivioUSBDCam Universal Serial Bus Device Driver for Windows (Not verified) Divio Inc. c:\windows\system32\drivers\pcam.sys
+ DS1410D c:\windows\system32\drivers\ds1410d.sys
+ epppdt Protocol Driver for EPSON 1394.3 Device (Not verified) SEIKO EPSON CORPORATION c:\windows\system32\drivers\epppdt.sys
+ etusbf c:\windows\system32\drivers\etusbf.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ hardlock Hardlock Device Driver for Windows NT (Not verified) Aladdin Knowledge Systems c:\windows\system32\drivers\hardlock.sys
+ Haspnt HASP Kernel Device Driver for Windows NT (Not verified) Aladdin Knowledge Systems c:\windows\system32\drivers\haspnt.sys
+ Imagedrv NERO IMAGEDRIVE SCSI miniport (Not verified) Ahead Software AG and its licensors c:\windows\system32\drivers\imagedrv.sys
+ irda IrDA-Protokoll File not found: System32\DRIVERS\irda.sys
+ Lvckap Logitech Kernel Audio Processing Filter Driver (Not verified) Logitech Inc. c:\windows\system32\drivers\lvckap.sys
+ lvmvdrv Logitech Machine Vision Engine Loader (Not verified) Logitech Inc. c:\windows\system32\drivers\lvmvdrv.sys
+ LVPrcMon Logitech ProcMon Driver (Not verified) Logitech Inc. c:\windows\system32\drivers\lvprcmon.sys
+ NAVENG AV Engine (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\virusdefs\20060920.052\naveng.sys
+ NAVEX15 AV Engine (Verified) Symantec Corporation c:\programme\gemeinsame dateien\symantec shared\virusdefs\20060920.052\navex15.sys
+ NPDriver Norton Protection Driver (Not verified) Symantec Corporation c:\windows\system32\drivers\npdriver.sys
+ PCANDIS5 PCAUSA NDIS 5.0 Protocol Driver (Not verified) Printing Communications Assoc., Inc. (PCAUSA) c:\windows\system32\pcandis5.sys
+ pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ powervr KYRO Video Miniport (Not verified) Imagination Technologies Ltd. c:\windows\system32\drivers\powervr.sys
+ SAVRT AutoProtect (Verified) Symantec Corporation f:\toolz\security\norton av\savrt.sys
+ SAVRTPEL SAVRTPEL (Verified) Symantec Corporation f:\toolz\security\norton av\savrtpel.sys
+ Secdrv SafeDisc driver (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ Sentinel Sentinel System Driver (NT Parallel driver) (Not verified) Rainbow Technologies, Inc. c:\windows\system32\drivers\sentinel.sys
+ Sntnlusb Rainbow Technologies Sentinel Device Driver (Not verified) Rainbow Technologies Inc. c:\windows\system32\drivers\sntnlusb.sys
+ StyleXPHelper StyleXP (Not verified) Windows (R) 2000 DDK provider c:\programme\tgtsoft\stylexp\stylexphelper.exe
+ SVKP SVKP driver for NT (Not verified) AntiCracking c:\windows\system32\svkp.sys
+ SymEvent Symantec Event Library (Verified) Symantec Corporation c:\programme\symantec\symevent.sys
+ symlcbrd c:\windows\system32\drivers\symlcbrd.sys
+ SYMREDRV Redirector Filter Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symredrv.sys
+ SYMTDI Network Dispatch Driver (Verified) Symantec Corporation c:\windows\system32\drivers\symtdi.sys
+ TSP File not found: C:\WINDOWS\system32\drivers\klif.sys

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Adobe PDF Port Acrobat ® PDF Port (Not verified) Adobe Systems Incorporated. c:\windows\system32\adobepdf.dll
+ EPSON V6 2KMonitor EPSON Bi-directional Monitor (Not verified) SEIKO EPSON CORPORATION c:\windows\system32\ebpmon24.dll

Attachment: AutoRuns.txt
23.09.2006, 20:27
Honorary member
Posts: 29434
#18
Go into the registry:
Start - Run - regedit
Edit - Find - Trust Cleaner
Delete everything you find, e.g. under: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ restart the computer
-----------------------
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Regards, Sabina
all around PC security
24.09.2006, 03:37
Member
Posts: 14
24.09.2006, 10:59
Honorary member
Posts: 29434
#20
1. Scan and post the report - smitfiles.txt
http://virus-protect.org/artikel/tools/smitrem.html

2. Download Registry Search by Bobbi Flekman
http://www.bleepingcomputer.com/files/regsearch.php
and double-click to start it. In "Enter search strings" (type or paste in):
SecurityConsole
Rasssdahice
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
__________
Regards, Sabina
all around PC security
24.09.2006, 12:18
Member
Posts: 14
#21
Unknown Service # 18
Service Name: Rasssdahice
Display Name: Rasssdahice
Start Mode: Disabled
Start Name:
Description: ...
Service Type: Share Process
Path:
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 21
Service Name: SecurityConsole
Display Name: SecurityConsole
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path:
State: Stopped
Process ID: 0
Started: False
Exit Code: 3
Accept Pause: False
Accept Stop: False

The smitfiles.txt is attached, and here is the regedit:

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 24.09.2006 12:22:13 for strings:
; 'securityconsole'
; 'rasssdahice'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURITYCONSOLE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
"Service"="SecurityConsole"
"DeviceDesc"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasssdahice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasssdahice\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityConsole]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityConsole]
"DisplayName"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityConsole\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityConsole\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SecurityConsole\Enum]
"0"="Root\\LEGACY_SECURITYCONSOLE\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SECURITYCONSOLE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
"Service"="SecurityConsole"
"DeviceDesc"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Rasssdahice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Rasssdahice\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SecurityConsole]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SecurityConsole]
"DisplayName"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SecurityConsole\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE\0000]
"Service"="SecurityConsole"
"DeviceDesc"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasssdahice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasssdahice\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole]
"DisplayName"="SecurityConsole"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole\Enum]
"0"="Root\\LEGACY_SECURITYCONSOLE\\0000"
; End Of The Log...

-----------------------
Appinitdll check ........ Thank you Grinler!
dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4
[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
nscompat.tlb
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 728 'explorer.exe'
Killing PID 728 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
nscompat.tlb
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
wininet.dll is missing!!

Attachment: smitfiles.txt
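The two ServiceFilter records above are the real finding in this thread: both services have an empty Path, so no binary backs them. Their exit codes are ordinary Win32 error codes. Rasssdahice is Disabled and reports 1077 (ERROR_SERVICE_NEVER_STARTED: no start has been attempted since boot); SecurityConsole is set to Auto and reports 3 (ERROR_PATH_NOT_FOUND: the service controller tried to start it and found nothing at the path). The following added example, not code from the thread or from ServiceFilter, parses records in this layout, flags services without a path, decodes the exit code, and names the two registry locations to inspect for each one: the Services key and the LEGACY_ device node under Enum\Root, which is exactly what Registry Search found for SecurityConsole above. The records inside it are a constructed copy of the two from the post plus one constructed control service with a path (ExampleSvc).

```python
"""Triage the 'Unknown Service' records that ServiceFilter.vbs prints.

Added example, not code from the original thread or from ServiceFilter.
SAMPLE_REPORT is a constructed copy of the two records in the post plus one
constructed control service (ExampleSvc) that does have a binary path.
"""
import re

SAMPLE_REPORT = """\
Unknown Service # 18
Service Name: Rasssdahice
Display Name: Rasssdahice
Start Mode: Disabled
Start Name:
Description: ...
Service Type: Share Process
Path:
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 21
Service Name: SecurityConsole
Display Name: SecurityConsole
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path:
State: Stopped
Process ID: 0
Started: False
Exit Code: 3
Accept Pause: False
Accept Stop: False

Unknown Service # 22
Service Name: ExampleSvc
Display Name: Example Service (constructed control record)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\\example\\examplesvc.exe
State: Running
Process ID: 1234
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True
"""

# Win32 error codes (winerror.h) a service's last exit code commonly maps to.
WIN32_ERRORS = {
    0: "ERROR_SUCCESS",
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1067: "ERROR_PROCESS_ABORTED",
    1077: "ERROR_SERVICE_NEVER_STARTED",
}

RECORD_RE = re.compile(r"^Unknown Service # (\d+)\s*$")


def parse_servicefilter(text):
    """Return one dict per 'Unknown Service' record, keyed by its field names."""
    services, current = [], None
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            current = {"index": int(m.group(1))}
            services.append(current)
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return services


def triage(services):
    """Flag every service with an empty Path and explain its last exit code."""
    findings = []
    for svc in services:
        if svc.get("Path", ""):
            continue                     # a binary backs this service; skip
        name = svc["Service Name"]
        code = int(svc.get("Exit Code", "0") or 0)
        findings.append({
            "name": name,
            "start_mode": svc.get("Start Mode", ""),
            "exit_code": code,
            "exit_code_name": WIN32_ERRORS.get(code, "unknown"),
            # Where the service lives in the registry: its Services key and the
            # LEGACY_<NAME> device node that the PnP manager creates for it.
            "registry_keys": [
                r"HKLM\SYSTEM\CurrentControlSet\Services" + "\\" + name,
                r"HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_" + name.upper(),
            ],
        })
    return findings


if __name__ == "__main__":
    for f in triage(parse_servicefilter(SAMPLE_REPORT)):
        print(f"{f['name']}: start={f['start_mode']} exit={f['exit_code']} "
              f"({f['exit_code_name']})")
        for key in f["registry_keys"]:
            print("   inspect", key)
```

A service key with no ImagePath cannot run anything, which is why setting it to disabled (as the next reply advises) costs nothing; what matters forensically is that both the Services key and the LEGACY_ node exist in every control set (ControlSet001, ControlSet003 and CurrentControlSet in the Registry Search output), so a cleanup that touches only CurrentControlSet leaves copies behind in the others.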
24.09.2006, 12:21
Honorary member
Posts: 29434
#22
Scan, option 1 and then 2, let it search for and replace the wininet.dll, post both reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
all around PC security
24.09.2006, 13:09
Member
Posts: 14
#23
option 1
SmitFraudFix v2.99
Scan done at 13:01:44,89, 24.09.2006
Run from F:\zeugs\downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Haroon\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Haroon\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

option 2
SmitFraudFix v2.99
Scan done at 13:05:10,20, 24.09.2006
Run from F:\zeugs\downloads\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
24.09.2006, 13:44
Honorary member
Posts: 29434
#24
No idea what that is; I googled a bit, and the information is not enough to have it deleted.

Quote: Unknown Service # 21

To open the Services console explicitly, enter under Start - Run: services.msc
SecurityConsole - set to manual or disabled, unless you know what it is.
**
Scan and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all around PC security
24.09.2006, 18:17
Member
Posts: 14
#25
I think CounterSpy is giving me a rather worrying result. The report is attached:

Spyware Scan Details
Start Date: 24.09.2006 14:05:34
End Date: 24.09.2006 15:20:16
Total Time: 1 hrs 14 mins 42 secs

Detected spyware

SearchMiracle.EliteBar  Browser Plug-in  more information...
Details: Adds a search hijacker toolbar to Internet Explorer called Elite Bar.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\haroon\favoriten\finances & business\advertising.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\asset protection.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\bad credit.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\bankruptcy.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\business opportunity.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\business.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\cash advance.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\credit reports.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\credit.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\debt consolidation.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\debt relief.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\e commerce.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\home mortgages.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\human resources.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\insurance.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\loans.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\marketing.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\project management.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\refinance.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\small business.url
c:\dokumente und einstellungen\haroon\favoriten\finances & business\work at home.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\adventure travel.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\air conditioning.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\air purifiers.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\air travel.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\blinds.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\celebrity cruises.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\cheap hotels.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\hawaii travel.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\home equity loans.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\home mortgages.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\international travel.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\las vegas hotels.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\lighting.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\mattress.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\moving.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\refinance.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\relocation.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\travel agents.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\travel insurance.url
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel\travel.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\adipex.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\auto insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\business insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\dental insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\diet pills.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\hair loss.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\health insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\home insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\life insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\nutrition.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\penis enlargement.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\phentermine.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\prozac.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\quit smoking.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\term life insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\travel insurance.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\valtrex.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\viagra.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\weight loss.url
c:\dokumente und einstellungen\haroon\favoriten\health & insurance\xenical.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\baccarat.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\betting.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\bingo.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\blackjack.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\horse racing.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\online betting.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\online casinos.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\online gaming.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\poker.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\roulette.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\slot machines.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\sport betting.url
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers\sportsbooks.url
Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}\TypeLib {CA9FC31A-6F35-4493-B629-E64BD6170A17}
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{a9b28ef6-abf3-463b-a3d8-4d0d0badfadc} IEliteBarImpl
HKEY_CLASSES_ROOT\typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}
HKEY_CLASSES_ROOT\typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}\1.0\0\win32 C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
HKEY_CLASSES_ROOT\typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{ca9fc31a-6f35-4493-b629-e64bd6170a17}\1.0 EliteBar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform iebar

Twain Tech  Adware (General)  more information...
Details: Twain-Tech is an adware based Internet Explorer browser helper object that deliver targeted ads based on a user's browsing patters. Twain-Tech does not provide any other relevant purpose other then to display pop-up ads.
Status: Deleted
Infected files detected
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys

ABetterInternet.Transponder.Ceres  Adware (General)  more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of aBetterInternet.
Status: Deleted
Infected files detected
c:\windows\inf\ceres.inf
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer32 C:\WINDOWS\ceres.dll
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\ProgID Ceres.CeresObj.1
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\TypeLib {92daf5c1-2135-4e0c-b7a0-259abfcd3904}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\VersionIndependentProgID Ceres.CeresObj
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484} CeresObj Class
HKEY_CURRENT_USER\Software\Ceres
HKEY_CURRENT_USER\Software\Ceres CSI4d3OfSDist 1|205|0|0|THNALL2C.EXE
HKEY_CURRENT_USER\Software\Ceres CSI4d3OfSInst {935A2AEB-6E67-4BD0-AFDD-2AA7843082EC}
HKEY_CURRENT_USER\Software\Ceres CSC4n3trMsgSDisp 0
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj\CLSID {00000049-8F91-4D9C-9573-F016E7626484}
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj\CurVer CeresDll.CeresDllObj.1
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj Ceres Functional Class
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj.1
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj.1\CLSID {00000049-8F91-4D9C-9573-F016E7626484}
HKEY_CLASSES_ROOT\CeresDll.CeresDllObj.1 CeresObj Class
HKEY_CLASSES_ROOT\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{00000049-8F91-4D9C-9573-F016E7626484}\Programmable

ABetterInternet.Aurora  Adware (General)  more information...
Details: ABetterInternet.Aurora is an adware program that spawns pop-ups on the desktop based on the user's browsing.
Status: Deleted
Infected files detected
c:\windows\issm0064.dat
Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\0\win32 C:\WINDOWS\ceres.dll
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\HELPDIR C:\WINDOWS\
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1 CeresDll 1.1 Type Library
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}\1.1\0\win32 C:\WINDOWS\ceres.dll
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757}\TypeLib {92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757}\TypeLib Version 1.1
HKEY_CLASSES_ROOT\interface\{bb0d5adc-028d-4185-9288-722ddce2c757} ICeresDllObj

Trustin.Bar  Toolbar  more information...
Status: Deleted
Infected files detected
F:\toolz\security\Hijackthis\backup-20060917-195929-963.dll

iSearch.Toolbar  Toolbar  more information...
Details: iSearch.Toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings.
Status: Deleted
Infected files detected
c:/windows/system32/version.txt
Infected registry entries detected
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_logo 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_search_area 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_search 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_blockPopups 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items zoomer 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items email 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button2 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_logo 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_search_area 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_search 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_blockPopups 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items zoomer 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items email 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button2 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar toolbar_id {9279BFCF-743C-495a-913A-74BCB7A2A296}
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar toolbar_version undefined
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar ToolbarIsFailed 0
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar corruptedMsg One of the XML files is corrupted or invalid. Press OK to uninstall.
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar uninstallMsg This will remove the iSearch Toolbar from your computer! Are you sure?
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar updateMsg This will try to update the iSearch Toolbar from the server. Continue?
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar autoUpdateMsg A New version of the iSearch Toolbar is available. Would you like to download and install the new version?
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar versionError Can not find current version information.
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar connectionError Can't establish a connection.
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar lastVersionMsg You have the latest version of the iSearch Toolbar.
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar contextMenuItemName iSearch The Web
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar closeAllWindowsForUpdate All running IE Windows will be closed before updating the iSearch Toolbar. Continue?
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar PopStop iSearch Blocked A Pop-up
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar firstURL http://auto.isearch.com/welcome.php?tid=%toolbar_id&ref=%user_id
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar urlAfterUpdate http://auto.isearch.com/update.php?tid=%toolbar_id&ref=%user_id
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar serverpath http://auto.isearch.com/
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar updateUrl http://auto.isearch.com/isearch.cab
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar urlAfterUninstall http://auto.isearch.com/uninstall.php?tid=%toolbar_id&ref=%user_id
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar contextSearch http://www.isearch.com/index.php?qry_str=%combo1&source=tbi
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar OpenNew 0
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar AutoComplete 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar KeepHistory 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar RunSearchAutomatically 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar RunSearchDragAutomatically 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar DescriptiveText 1
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar
ShowHighlightButton 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar ShowFindButtons 0 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar UpdateAutomatically 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar EditWidthcombo1 2 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar 2 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar autoSearch http://auto.isearch.com/phrase.php?text=%s&tid=%toolbar_id&ref=%user_id HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar init 0 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar user_id 00010 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar blockPopups 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar Scope 1 HKEY_CURRENT_USER\Software\iSearch HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_logo 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_search_area 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button_search 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_blockPopups 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items zoomer 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items email 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\tb_items tb_button2 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar toolbar_id {9279BFCF-743C-495a-913A-74BCB7A2A296} HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar toolbar_version undefined HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar ToolbarIsFailed 0 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar corruptedMsg One of the XML files is corrupted or invalid. Press OK to uninstall. HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar uninstallMsg This will remove the iSearch Toolbar from your computer! Are you sure? HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar updateMsg This will try to update the iSearch Toolbar from the server. Continue? HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar autoUpdateMsg A New version of the iSearch Toolbar is available. 
Would you like to download and install the new version? HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar versionError Can not find current version information. HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar connectionError Can't establish a connection. HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar lastVersionMsg You have the latest version of the iSearch Toolbar. HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar contextMenuItemName iSearch The Web HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar closeAllWindowsForUpdate All running IE Windows will be closed before updating the iSearch Toolbar. Continue? HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar PopStop iSearch Blocked A Pop-up HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar firstURL http://auto.isearch.com/welcome.php?tid=%toolbar_id&ref=%user_id HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar urlAfterUpdate http://auto.isearch.com/update.php?tid=%toolbar_id&ref=%user_id HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar serverpath http://auto.isearch.com/ HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar updateUrl http://auto.isearch.com/isearch.cab HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar urlAfterUninstall http://auto.isearch.com/uninstall.php?tid=%toolbar_id&ref=%user_id HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar contextSearch http://www.isearch.com/index.php?qry_str=%combo1&source=tbi HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar OpenNew 0 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar AutoComplete 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar KeepHistory 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar RunSearchAutomatically 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar RunSearchDragAutomatically 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar DescriptiveText 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar ShowHighlightButton 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar ShowFindButtons 0 
HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar UpdateAutomatically 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar EditWidthcombo1 2 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar 2 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar autoSearch http://auto.isearch.com/phrase.php?text=%s&tid=%toolbar_id&ref=%user_id HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar init 0 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar user_id 00010 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar blockPopups 1 HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar Scope 1 HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt .Owner {1C78AB3F-A857-482E-80C0-3A1E5238A565} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/version.txt {1C78AB3F-A857-482E-80C0-3A1E5238A565} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll .Owner {1C78AB3F-A857-482E-80C0-3A1E5238A565} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/toolbar.dll {1C78AB3F-A857-482E-80C0-3A1E5238A565} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system32\toolbar.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system32\version.txt HKEY_CURRENT_USER\Software\iSearch\iSearch Toolbar\Historycombo1 CoolWebSearch.CameUp Hijacker more information... Details: CoolWebSearch.CameUp is an adware application that hijacks the user's Internet Explorers start page, and prevents the user from changing the URL back to their preferred homepage. 
Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Search Page_bak HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page_bak IST.ISTbar.ActiveX Adware (General) more information... Details: ISTactivex is an Internet Explorer hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll KeenValue.PerfectNav Hijacker more information... Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\perfectnav HKEY_LOCAL_MACHINE\software\perfectnav UID A131EA7C-9EBB-4C12-9221-27525CEBEE21 IST.ISTbar Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main BandRest Never HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main BandRest Never Altnet/Topsearch Browser Plug-in more information... Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster. 
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\ADM25.ADM25.1 HKEY_CLASSES_ROOT\ADM25.ADM25.1\CLSID {1D3BCE37-7834-4579-8169-E67681420A98} HKEY_CLASSES_ROOT\ADM25.ADM25.1 ADM25 Class HKEY_CLASSES_ROOT\ADM4.ADM4.1 HKEY_CLASSES_ROOT\ADM4.ADM4.1\CLSID {DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2} HKEY_CLASSES_ROOT\ADM4.ADM4.1 ADM4 Class HKEY_CLASSES_ROOT\ADM25.ADM25 HKEY_CLASSES_ROOT\ADM25.ADM25\CurVer ADM25.ADM25.1 HKEY_CLASSES_ROOT\ADM25.ADM25 ADM25 Class HKEY_CLASSES_ROOT\ADM4.ADM4 HKEY_CLASSES_ROOT\ADM4.ADM4\CurVer ADM4.ADM4.1 HKEY_CLASSES_ROOT\ADM4.ADM4 ADM4 Class Altnet P2P Networking Low Risk Adware more information... Details: Altnet P2P Networking is a program that uses peer-to-peer functionality to enable the delivery of content, including advertising, to PC desktops. This content may be used by other programs. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\P2P Networking IST.XXXToolbar Toolbar more information... Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\ISTactivex.dll Begin2Search Toolbar more information... Details: Begin2Search is a browser plug-in that installs as a toolbar in Internet Explorer and displays advertising on the desktop. 
Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\ProgID trfdsk.amo.1 HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\VersionIndependentProgID trfdsk.amo HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} amo Class HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B} HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\ProgID trfdsk.ohb.1 HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\VersionIndependentProgID trfdsk.ohb HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B} ohb Class HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1} HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\ProgID trfdsk.momo.1 HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\VersionIndependentProgID trfdsk.momo HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1} momo Class 
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825} HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus\1 131473 HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus 0 HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ProgID trfdsk.iiittt.1 HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ToolboxBitmap32 C:\WINDOWS\System32\rtneg.dll, 102 HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\Version 1.0 HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\VersionIndependentProgID trfdsk.iiittt HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825} iiittt Class HKEY_CLASSES_ROOT\trfdsk.amo HKEY_CLASSES_ROOT\trfdsk.amo\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9} HKEY_CLASSES_ROOT\trfdsk.amo\CurVer trfdsk.amo.1 HKEY_CLASSES_ROOT\trfdsk.amo amo Class HKEY_CLASSES_ROOT\trfdsk.ohb HKEY_CLASSES_ROOT\trfdsk.ohb\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B} HKEY_CLASSES_ROOT\trfdsk.ohb\CurVer trfdsk.ohb.1 HKEY_CLASSES_ROOT\trfdsk.ohb ohb Class HKEY_CLASSES_ROOT\trfdsk.momo.1 HKEY_CLASSES_ROOT\trfdsk.momo.1\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1} HKEY_CLASSES_ROOT\trfdsk.momo.1 momo Class HKEY_CLASSES_ROOT\trfdsk.momo HKEY_CLASSES_ROOT\trfdsk.momo\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1} HKEY_CLASSES_ROOT\trfdsk.momo\CurVer trfdsk.momo.1 HKEY_CLASSES_ROOT\trfdsk.momo momo Class HKEY_CLASSES_ROOT\trfdsk.ohb.1 HKEY_CLASSES_ROOT\trfdsk.ohb.1\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B} HKEY_CLASSES_ROOT\trfdsk.ohb.1 ohb Class HKEY_CLASSES_ROOT\trfdsk.iiittt.1 HKEY_CLASSES_ROOT\trfdsk.iiittt.1\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825} 
HKEY_CLASSES_ROOT\trfdsk.iiittt.1 iiittt Class HKEY_CLASSES_ROOT\trfdsk.iiittt HKEY_CLASSES_ROOT\trfdsk.iiittt\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825} HKEY_CLASSES_ROOT\trfdsk.iiittt\CurVer trfdsk.iiittt.1 HKEY_CLASSES_ROOT\trfdsk.iiittt iiittt Class HKEY_CLASSES_ROOT\trfdsk.amo.1 HKEY_CLASSES_ROOT\trfdsk.amo.1\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9} HKEY_CLASSES_ROOT\trfdsk.amo.1 amo Class ABetterInternet Adware (General) more information... Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757} HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}\TypeLib {92DAF5C1-2135-4E0C-B7A0-259ABFCD3904} HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}\TypeLib Version 1.1 HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757} ICeresDllObj HKEY_CLASSES_ROOT\ceresdll.ceresdllobj.1 HKEY_CLASSES_ROOT\ceresdll.ceresdllobj.1\CLSID {00000049-8F91-4D9C-9573-F016E7626484} HKEY_CLASSES_ROOT\ceresdll.ceresdllobj.1 CeresObj Class HKEY_CLASSES_ROOT\ceresdll.ceresdllobj.1\clsid HKEY_CLASSES_ROOT\ceresdll.ceresdllobj.1\clsid {00000049-8F91-4D9C-9573-F016E7626484} HKEY_CLASSES_ROOT\ceresdll.ceresdllobj HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\CLSID {00000049-8F91-4D9C-9573-F016E7626484} HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\CurVer CeresDll.CeresDllObj.1 HKEY_CLASSES_ROOT\ceresdll.ceresdllobj Ceres Functional Class HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\clsid HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\clsid {00000049-8F91-4D9C-9573-F016E7626484} HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\curver HKEY_CLASSES_ROOT\ceresdll.ceresdllobj\curver 
CeresDll.CeresDllObj.1 TinyBar Hijacker more information... Details: TinyBar is an Internet Explorer toolbar that adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll SafeSurfing.RsyncMon Browser Plug-in more information... Details: SafeSurfing.RsyncMon is a SafeSurfing adware variant that installs as a Browser Helper Object (BHO) in Internet Explorer. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\Software\RSyncMon HKEY_LOCAL_MACHINE\Software\RSyncMon\Run Version 2.01.0000 HKEY_LOCAL_MACHINE\Software\RSyncMon\Sys Registered 0 HKEY_LOCAL_MACHINE\Software\RSyncMon DistId 19 HKEY_LOCAL_MACHINE\Software\RSyncMon CrpId 6 HKEY_LOCAL_MACHINE\Software\RSyncMon Uninstall 0 HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1 HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1\CLSID {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1 RsyncHlpr Class HKEY_CLASSES_ROOT\Var3.RsyncHlpr HKEY_CLASSES_ROOT\Var3.RsyncHlpr\CLSID {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} HKEY_CLASSES_ROOT\Var3.RsyncHlpr\CurVer Var3.RsyncHlpr.1 HKEY_CLASSES_ROOT\Var3.RsyncHlpr RsyncHlpr Class HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\InprocServer32 C:\WINDOWS\System32\rsyncmon.dll HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\ProgID Var3.RsyncHlpr.1 HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\TypeLib {227D1E33-EAD4-4ACE-BE32-4ACFAAD072DD} HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}\VersionIndependentProgID Var3.RsyncHlpr HKEY_CLASSES_ROOT\clsid\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} RsyncHlpr Class WhenU.Save Adware (General) more 
information... Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\ACM.ACMFactory HKEY_CLASSES_ROOT\ACM.ACMFactory\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory\CurVer ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory ACMFactory Class HKEY_CLASSES_ROOT\ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 C:\Programme\Save\ACM.dll HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID ACM.ACMFactory.1 HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID ACM.ACMFactory HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} ACMFactory Class HKEY_CLASSES_ROOT\clsid\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32 C:\Programme\Save\ACM.dll HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR C:\Programme\Save\ HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0 ACM 1.0 Type Library HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} 
HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0} IACMFactory HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} IFetchExtractor HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib {DF901432-1B9F-4F5B-9E56-301C553F9095} HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842} IFetchData HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} ACM HKEY_CLASSES_ROOT\AppID\ACM.DLL HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} RealVNC Commercial Remote Control Tool more information... 
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\ORL\VNCHooks HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_GetUpdateRect 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Timer 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_KeyPress 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_LButtonUp 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_MButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_RButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\iPodService.exe use_Deferral 1 SearchNugget Toolbar more information... Details: SearchNugget is a Browser Helper Object (BHO) that creates a toolbar in Internet Explorer. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\ACM.ACMFactory.1 HKEY_CLASSES_ROOT\ACM.ACMFactory.1\CLSID {A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} HKEY_CLASSES_ROOT\ACM.ACMFactory.1 ACMFactory Class HKEY_CLASSES_ROOT\AppID\ACM.DLL AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} AppID {127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} Automatic Screen Observer Surveillance (General) more information... Details: Automatic Screen Observer is an application which captures screenshots at specified intervals. These screenshots are stored on the computer and can be accessed at a later time. The application can be configured to start recording silently on start up. 
Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO DisplayName ActionScript Obfuscator - Lite Edition (r15) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO UninstallString "F:\toolz\Flash Decompiler\FlashProtector\ASOLite\ASO\uninstall.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO NoModify 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASO NoRepair 1 SpamTool.Win32.Mailbot.az Trojan more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pe386 Backdoor.Rustock Backdoor more information... Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lzx32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lzx32 Begin2Search.BigTrafficNet Browser Plug-in more information... Details: Begin2Search.BigTrafficNet is an adware program that displays advertisements. 
It works as a Browser Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668} IInst HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A} IinebDB HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31} Ioma HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\ProxyStubClsid 
{00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B} IBHO HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\0\win32 C:\WINDOWS\System32\rtneg.dll HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0\HELPDIR C:\WINDOWS\System32\ HKEY_CLASSES_ROOT\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}\1.0 windec32 1.0 Type Library Anhang: counterspy.txt
24.09.2006, 20:35
Honorary member
Posts: 29434
#26
Well, there you go, CounterSpy did a THOROUGH JOB
even a SpamTool.Win32.Mailbot.az ... so your computer was being used to send spam mails to others...

«« Avenger
http://virus-protect.org/artikel/tools/avenger.html

Quote
registry keys to delete:

«« Registry Search by Bobbi Flekman
paste in
pe386
lzx32

post the report

-------------
NOTE
CounterSpy only ever kills part of the files. So you have to keep emptying CounterSpy's quarantine folder and scanning with it again, until CounterSpy finds nothing more.
then report back
__________
Regards, Sabina
all about PC security
24.09.2006, 23:47
Member
Posts: 14
#27
OK, on we go...
Avenger Log

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityConsole
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SECURITYCONSOLE deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SECURITYCONSOLE deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SECURITYCONSOLE
Status: 0xc0000034

File c:\windows\downloaded program files\istactivex.dll not found!
Deletion of file c:\windows\downloaded program files\istactivex.dll failed!
Could not process line:
c:\windows\downloaded program files\istactivex.dll
Status: 0xc0000034

File C:\WINDOWS\System32\rtneg.dll not found!
Deletion of file C:\WINDOWS\System32\rtneg.dll failed!
Could not process line:
C:\WINDOWS\System32\rtneg.dll
Status: 0xc0000034

File C:\WINDOWS\ceres.dll not found!
Deletion of file C:\WINDOWS\ceres.dll failed!
Could not process line:
C:\WINDOWS\ceres.dll
Status: 0xc0000034

Folder c:\dokumente und einstellungen\haroon\favoriten\finances & business not found!
Deletion of folder c:\dokumente und einstellungen\haroon\favoriten\finances & business failed!
Could not process line:
c:\dokumente und einstellungen\haroon\favoriten\finances & business
Status: 0xc0000034

Folder c:\dokumente und einstellungen\haroon\favoriten\homelife & travel not found!
Deletion of folder c:\dokumente und einstellungen\haroon\favoriten\homelife & travel failed!
Could not process line:
c:\dokumente und einstellungen\haroon\favoriten\homelife & travel
Status: 0xc0000034

Folder c:\dokumente und einstellungen\haroon\favoriten\health & insurance not found!
Deletion of folder c:\dokumente und einstellungen\haroon\favoriten\health & insurance failed!
Could not process line:
c:\dokumente und einstellungen\haroon\favoriten\health & insurance
Status: 0xc0000034

Folder c:\dokumente und einstellungen\haroon\favoriten\casino & carrers not found!
Deletion of folder c:\dokumente und einstellungen\haroon\favoriten\casino & carrers failed!
Could not process line:
c:\dokumente und einstellungen\haroon\favoriten\casino & carrers
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

and Registry Search

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 24.09.2006 23:51:37 for strings:
; 'pe386'
; 'lzx32'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

In the meantime I'm still running CounterSpy (or should I have done that beforehand?)
25.09.2006, 10:50
Honorary member
Posts: 29434
#28
then report back whether everything is clean (in CounterSpy)

** scan with Sophos and post the scan report
http://virus-protect.org/multiavtool.html
__________
Regards, Sabina
all about PC security
25.09.2006, 14:19
Member
Posts: 14
25.09.2006, 15:15
Honorary member
Posts: 29434
#30
everything should be clean again
if you have the time/inclination, also run the 3 other scanners in the multiavtool
__________
Regards, Sabina
all about PC security