Spyware Scan Details
Start Date: 29.04.2006 18:41:12
End Date: 29.04.2006 19:30:56
Total Time: 49 mins 44 secs

Detected spyware

PrivacyDefender Rogue Security Program
Details: PrivacyDefender is a purported anti-spyware application to scan for and remove spyware from users' computers.
Status: Deleted
Infected files detected
c:\windows\system32\ishf_ex.tlb

Altnet Browser Plug-in
Details: Altnet/Topsearch is a browser plug-in that acts as search engine for peer-to-peer applications Kazaa and Grokster.
Status: Deleted
Infected files detected
D:\Program Files\Altnet\Download Manager\asm.exe

Cydoor Adware (General)
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Deleted
Infected files detected
D:\Programme\Blubster\cd_install_336.exe
Infected registry entries detected

webHancer Adware (General)
Details: WebHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted
Infected files detected
D:\Programme\Blubster\whcc-1.exe
Infected registry entries detected

KaZaA P2P Program
Details: Kazaa is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted
Infected files detected
D:\Programme\Kazaa\Db\ctx4-060124.cab
D:\Programme\Kazaa\Db\tsi4-060124a.cab
D:\RECYCLER\S-1-5-21-1214440339-1677128483-1343024091-1004\Dd6\Db\ctx4-060124.cab
D:\RECYCLER\S-1-5-21-1214440339-1677128483-1343024091-1004\Dd6\Db\tsi4-060124a.cab

My Way Speedbar Potentially Unwanted Program
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected registry entries detected

DownloadWare Adware (General)
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted
Infected registry entries detected

GirlFriend 1.35 RAT
Details: Girlfriend is a remote trojan which connects to the remote machine and navigates according to its functionality.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\General

Need2Find.Toolbar Potentially Unwanted Program
Details: Need2Find.Toolbar is an IE plugin with its own Search Field.
Status: Deleted
Infected registry entries detected

Need2FindBar Potentially Unwanted Program
Status: Deleted
Infected registry entries detected

RXToolbar Toolbar
Details: RXToolbar is an Internet Explorer toolbar that shows links for the current page being viewed, targeted through www.searchenginebar.com.
Status: Deleted
Infected registry entries detected

DoubleClick Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\timotime\cookies\timotime@doubleclick[1].txt

FastClick.com Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\timotime\cookies\timotime@fastclick[1].txt

Mediaplex.com Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\timotime\cookies\timotime@mediaplex[1].txt

Zedo Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\timotime\cookies\timotime@zedo[1].txt