Help: XP installation was shanghaied
Hi, I installed XP Home on a new machine. A bit naive of me, but I thought that if I ran Windows Update as the very first thing, it would be safe enough. I was wrong.
Actually, I partly blame Bullguard (I downloaded the trial version, but when it was about to start up, it required me to send information by e-mail. How stupid is that, if you don't have any other protection whatsoever running beforehand?). It's just sad, especially when you know it's Danish software.
Anyway, here is the log from the Ad-Aware scan:
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
Ad-Aware SE Build 1.06r1
Logfile Created on:6. juni 2005 02:21:31
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):10 total references
DyFuCA(TAC index:3):66 total references
Ebates MoneyMaker(TAC index:4):3 total references
Elitum.ElitebarBHO(TAC index:5):52 total references
istbar(TAC index:7):23 total references
MRU List(TAC index:0):7 total references
Other(TAC index:5):3 total references
Possible Browser Hijack attempt(TAC index:3):7 total references
Tracking Cookie(TAC index:3):3 total references
Win32.Backdoor.Rbot.gen(TAC index:7):2 total references
ZyncosMark(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
06-06-2005 02:21:31 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : F:\Documents and Settings\Leo\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1979792683-725345543-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1979792683-725345543-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1409082233-1979792683-725345543-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 468
ThreadCreationTime : 06-06-2005 00:13:54
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 06-06-2005 00:14:00
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\F:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 06-06-2005 00:14:00
BasePriority : High
#:4 [services.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 06-06-2005 00:14:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Tjenester og controllerprogrammer
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 06-06-2005 00:14:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 828
ThreadCreationTime : 06-06-2005 00:14:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 880
ThreadCreationTime : 06-06-2005 00:14:06
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [smc.exe]
FilePath : F:\Programmer\Sygate\SPF\
ProcessID : 920
ThreadCreationTime : 06-06-2005 00:14:07
BasePriority : Normal
FileVersion : 5.5.00.2637
ProductVersion : 5.5.00.2637
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2003 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE
#:9 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1060
ThreadCreationTime : 06-06-2005 00:14:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1192
ThreadCreationTime : 06-06-2005 00:14:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [explorer.exe]
FilePath : F:\WINDOWS\
ProcessID : 1344
ThreadCreationTime : 06-06-2005 00:14:08
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows Stifinder
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : EXPLORER.EXE
#:12 [spoolsv.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 1472
ThreadCreationTime : 06-06-2005 00:14:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [pdesk.exe]
FilePath : F:\WINDOWS\System32\PDesk\
ProcessID : 1768
ThreadCreationTime : 06-06-2005 00:14:10
BasePriority : Normal
FileVersion : 6.71.014
ProductVersion : 6.71.014
ProductName : Matrox PDesk
CompanyName : Matrox Graphics Inc.
FileDescription : PDesk
InternalName : PDesk
LegalCopyright : Copyright (c) 1996-2001
OriginalFilename : PDesk.exe
#:14 [istsvc.exe]
FilePath : F:\Programmer\ISTsvc\
ProcessID : 1828
ThreadCreationTime : 06-06-2005 00:14:10
BasePriority : Normal
#:15 [vibuujya.exe]
FilePath : F:\WINDOWS\
ProcessID : 1836
ThreadCreationTime : 06-06-2005 00:14:10
BasePriority : Normal
#:16 [zlh.exe]
FilePath : F:\Norman\bin\
ProcessID : 1888
ThreadCreationTime : 06-06-2005 00:14:11
BasePriority : Normal
#:17 [ctfmon.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 1900
ThreadCreationTime : 06-06-2005 00:14:11
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:18 [teatimer.exe]
FilePath : F:\Programmer\Spybot - Search & Destroy\
ProcessID : 1936
ThreadCreationTime : 06-06-2005 00:14:12
BasePriority : Idle
FileVersion : 1, 4, 0, 2
ProductVersion : 1, 4, 0, 3
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.
#:19 [mgabg.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 312
ThreadCreationTime : 06-06-2005 00:14:16
BasePriority : Normal
FileVersion : 1.00.020
ProductVersion : 1.00.020
ProductName : Matrox Graphics Inc. MGABG
CompanyName : Matrox Graphics Inc.
FileDescription : MGABG
InternalName : MGABG
LegalCopyright : Copyright Matrox © 2001
OriginalFilename : MGABG.exe
#:20 [zanda.exe]
FilePath : F:\Norman\Bin\
ProcessID : 432
ThreadCreationTime : 06-06-2005 00:14:19
BasePriority : Normal
#:21 [nvcoas.exe]
FilePath : F:\Norman\Nvc\bin\
ProcessID : 1244
ThreadCreationTime : 06-06-2005 00:14:24
BasePriority : Normal
FileVersion : 5, 3, 0, 1
ProductVersion : NVC forTerminal server beta
ProductName : NVC on-access scanner
CompanyName : Norman ASA
FileDescription : NVC on-access virus scanner
InternalName : NVCNT
LegalCopyright : Copyright © 2000-2001
OriginalFilename : NVCOAS.EXE
#:22 [nip.exe]
FilePath : F:\Norman\Nvc\BIN\
ProcessID : 1316
ThreadCreationTime : 06-06-2005 00:14:24
BasePriority : Normal
#:23 [nvcsched.exe]
FilePath : F:\Norman\Nvc\BIN\
ProcessID : 1604
ThreadCreationTime : 06-06-2005 00:14:25
BasePriority : Normal
FileVersion : 1.03
ProductVersion : 1.03
ProductName : Norman Virus Control
CompanyName : Norman Data Defense Systems
FileDescription : NVC Scheduler
InternalName : NVCSched.exe
LegalCopyright : (c) Norman Data Defense Systems. 1997-2000
OriginalFilename : NVCSched.exe
#:24 [nipsvc.exe]
FilePath : F:\Norman\Nvc\BIN\
ProcessID : 1708
ThreadCreationTime : 06-06-2005 00:14:26
BasePriority : Normal
#:25 [njeeves.exe]
FilePath : F:\Norman\bin\
ProcessID : 784
ThreadCreationTime : 06-06-2005 00:14:27
BasePriority : Normal
#:26 [cclaw.exe]
FilePath : F:\Norman\Nvc\bin\
ProcessID : 1564
ThreadCreationTime : 06-06-2005 00:14:36
BasePriority : Normal
#:27 [npfmsg2.exe]
FilePath : F:\Norman\Nvc\BIN\
ProcessID : 2320
ThreadCreationTime : 06-06-2005 00:15:00
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : NPFMessenger Application
FileDescription : NPFMessenger MFC Application
InternalName : NPFMessenger
LegalCopyright : Copyright (C) 2000
OriginalFilename : NPFMessenger.EXE
#:28 [notepad.exe]
FilePath : F:\WINDOWS\system32\
ProcessID : 2816
ThreadCreationTime : 06-06-2005 00:15:49
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Notesblok
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : NOTEPAD.EXE
#:29 [wpabaln.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 2964
ThreadCreationTime : 06-06-2005 00:16:08
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Påmindelse om Windows-produktaktivering (WPA)
InternalName : WPABALN.EXE
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : WPABALN.EXE
#:30 [taskmgr.exe]
FilePath : F:\WINDOWS\System32\
ProcessID : 2728
ThreadCreationTime : 06-06-2005 00:20:35
BasePriority : High
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operativsystem
CompanyName : Microsoft Corporation
FileDescription : Windows Jobliste
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. Alle rettigheder forbeholdes.
OriginalFilename : taskmgr.exe
#:31 [ad-aware.exe]
FilePath : F:\Programmer\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1556
ThreadCreationTime : 06-06-2005 00:21:10
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28caeff3-0f18-4036-b504-51d73bd81abc}
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{825cf5bd-8862-4430-b771-0c15c5ca8def}
istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : istbar.barobj
ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}
ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}
ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag
ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : testcontentmatchcontrol1.contentmatchtag.1
ZyncosMark Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : config
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\ist
Value : Recover
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : config
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\ist
Value : Recover
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\ist
Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : last_conn_l
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : we
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : cdata
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : TimeOffset
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : action_url_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : action_url_last_chunk
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : action_url_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : key_file
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : kw_last_chunk
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : geourl_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : geourl_current_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : actionurl_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : actionurl_current_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : keyword_last_full_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\sais
Value : keyword_current_version
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt2
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : mt3
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gma
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gvi
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : gpi
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : did
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : duid
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : partner_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : product_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\sais
Value : umt
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_name
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_url
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_url
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_url
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : ui
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_initial_delay
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_count
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_count
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_day_limit
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_count
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_version
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_count
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : account_id
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : app_date
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : popup_last
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : update_last
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_interval
DyFuCA Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istsvc
Value : config_last
DyFuCA Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AccountNumber
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : uninstalled
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : _show
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : FirstTimeStarted
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : SearchIndex
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : AutoComplete
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : ac1
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : adult.tbr
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : popupblocker
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : popups
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : pthreshold
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : default.tbr
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : search.mnu
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : version
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : path
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : UpdateDate
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : UpdateAttempt
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\elitum\elitetoolbar
Value : guid
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayName
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\elitebar internet explorer toolbar
Value : DisplayIcon
istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : UninstallString
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\istsvc
Value : NoModify
istbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : barTitle
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : serverpath
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : urlAfterInstall
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : gUpdate
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\istbar
Value : TBRowMode
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\lq
Value : AC
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\lq
Value : AC
Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-1409082233-1979792683-725345543-1004\software\lq
Value : AC
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{825CF5BD-8862-4430-B771-0C15C5CA8DEF}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {825CF5BD-8862-4430-B771-0C15C5CA8DEF}
istbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment : "IST Service"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : IST Service
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 116
Objects found so far: 123
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 6
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 6
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : UninstallString
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 6
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 6
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar "http://www.slotch.com"
TAC Rating : 6
Category : Malware
Comment : (http://www.slotch.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar
Value : HelpLink
Trusted zone presumably compromised : contentmatch.net
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Trusted zone presumably compromised : contentmatch.net\ny
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contentmatch.net\ny
Value : https
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 130
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : leo@revenue[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:leo@revenue.net/
Expires : 10-06-2022 07:05:42
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : leo@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:leo@casalemedia.com/
Expires : 27-05-2006 20:52:16
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 132
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : File
Data : A0001088.exe
TAC Rating : 3
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B55AECCA-11DF-4C59-ABDA-D0D2A8F79DA4}\RP4\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 133
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 133
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 133
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
DyFuCA Object Recognized!
Type : File
Data : cln7.tmp
TAC Rating : 3
Category : Malware
Comment :
Object : F:\Documents and Settings\Leo\Lokale indstillinger\Temp\
ZyncosMark Object Recognized!
Type : File
Data : cmctl.dll
TAC Rating : 3
Category : Data Miner
Comment :
Object : F:\Programmer\ISTbar\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : ContentMatchControl
FileDescription : ContentMatchControl
InternalName : ContentMatchControl1
LegalCopyright : Copyright 2005
OriginalFilename : ContentMatchControl1.DLL
Win32.Backdoor.Rbot.gen Object Recognized!
Type : File
Data : A0003183.exe
TAC Rating : 7
Category : Malware
Comment :
Object : F:\System Volume Information\_restore{B55AECCA-11DF-4C59-ABDA-D0D2A8F79DA4}\RP7\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : system@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : F:\WINDOWS\system32\config\systemprofile\Cookies\system@cgi-bin[1].txt
DyFuCA Object Recognized!
Type : File
Data : optimize.exe
TAC Rating : 3
Category : Malware
Comment :
Object : F:\WINDOWS\Temp\
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 138
Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 138
Scanning Hosts file......
Hosts file location:"F:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 138
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Elitum.ElitebarBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : U
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AD
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AC
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : I
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\lq
Value : AT
Elitum.ElitebarBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment