Entfernen des WinFixer |
||
---|---|---|
#0
| ||
20.11.2005, 12:19
Ehrenmitglied
Beiträge: 29434 |
||
|
||
20.11.2005, 12:40
...neu hier
Themenstarter Beiträge: 6 |
#17
Hallo,
ich oute mich jetzt mal als total blöd. Ich bekomme einfach den Task-Manager nicht aktiviert. Habe alles probiert, anpassen, wieder herstellen usw. Es geht nicht. Was soll ich machen? Gruß Tulip |
|
|
||
20.11.2005, 12:43
Ehrenmitglied
Beiträge: 29434 |
#18
Hallo tulip
start-->Ausfuehren--> regedit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = "dword:00000001"<--auf 0 stellen DisableRegistryTools = "dword:00000001" <---auf 0 stellen PC neustarten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.11.2005, 16:07
...neu hier
Beiträge: 2 |
#19
Hallo Sabina,
habe heute endlich die Nase voll von dem Winfixer, egal was ich mache... er kommt immer wieder!!! Ich habe gesehen das Du die Rettung für mein Problem bist :-)) Und ich habe zwei Probleme, 1. Winfixer, 2. keinen Plan von Computern!!! Ich habe einiges verfolgt und mir auch diesen Hijack runtergeladen, hier die Daten??? Logfile of HijackThis v1.99.1 Scan saved at 15:55:37, on 20.11.2005 Platform: Windows 2000 SP2 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\locator.exe C:\WINNT\Explorer.EXE C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINNT\System32\internat.exe C:\WINNT\System32\cidaemon.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\WinFixer 2005\WFX5.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Michael\LOKALE~1\Temp\Rar$EX02.090\HijackThis.exe C:\WINNT\system32\NOTEPAD.EXE C:\WINNT\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EreG] C:\WINNT\xurvd.exe O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [WinFixer 2005] "C:\Programme\WinFixer 2005\WFX5.exe" /scan O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker.exe O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://turnier.freenet.de/midasa.cab O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EB42D655-FCA9-44E3-8278-A6F4C012083C}: NameServer = 192.168.0.1 O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe Kannst Du mir damit weiterhelfen?? Liebe Grüße Jessy |
|
|
||
20.11.2005, 16:51
Ehrenmitglied
Beiträge: 29434 |
#20
Jessy48
öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten O4 - HKLM\..\Run: [EreG] C:\WINNT\xurvd.exe O4 - HKCU\..\Run: [WinFixer 2005] "C:\Programme\WinFixer 2005\WFX5.exe" /scan O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab PC neustarten Killbox http://virus-protect.org/killbox.html DelTree (include SubDirectories) Man will zum Beispiel einen Ordner löschen . Nun muss man nicht alle Dateien im Ordner einzeln eingeben, sondern klickt die Option DelTree (include subdirectories). Hierbei wird ein komplettes Archiv mitsamt der Unterordner gelöscht. C:\Programme\WinFixer 2005 loesche. C:\WINNT\xurvd.exe wende CleanUp an http://virus-protect.org/cleanup.html suche einen Eintrag, aehnlich oder gleich wie diesem und loesche ihn, falls du ihn findest C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe C:\WINNT\Downloaded Program Files\UWFX5UNetInstaller.exe C:\WINNT\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe counterspy http://virus-protect.org/counterspy.html Klicke: "Run a Spyware Scan Now" - nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu (dann kopiere den Scanreport ab und ins Sicherheitsforum) Download Registry Search http://www.bleepingcomputer.com/files/regsearch.php by Bobbi Flekman und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) WinFixer 2005 in edit und klicke "Ok". Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn. ------------------ Winfixer -Info http://virus-protect.org/artikel/spyware/winfix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.11.2005, 17:05
...neu hier
Beiträge: 5 |
#21
Hi Sabina,
kann "c:\windows\system32\uninstal.exe" nicht löschen. Die Datei ist einfach nicht zu finden. Kann auch nicht "mit panda scannen", da meine Internet-Sicherheitsvorkehrungen dies nicht zulassen. Bin auch nicht Fachmann genug, hier irgend welche komplizierten Einstellungen vorzunehmen. Die Handlungsanweisung im "Zitat" lässt auch nicht den Inhalt des Gerätemanagers wieder erscheinen. Und das gemäß des LINK's angebotene Forum verweist auf ein WIN-Update KB 905749 als Übertäter. Habe dieses Update bereits am 15.10.05 durchgeführt, der Inhalt des Ger-Managers fehlt aber erst seit 3 Tagen. Ich komme einfach nicht weiter. Hast Du noch eine Idee? Kann mir vielleicht die Reparaturfunktion von Windows weiterhelfen? Vielen Dank MfG aschelle |
|
|
||
20.11.2005, 17:35
Ehrenmitglied
Beiträge: 29434 |
#22
aschelle
ja die Reparatur von Windows (oder gleich C;\ platt machen und C:\ formatieren ist eine gute Idee, versuche es mal und dann berichte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.11.2005, 18:19
...neu hier
Beiträge: 2 |
#23
Hallo,
das ist echt der Hammer was mein Computer alles hatte!!! Counterspy: Spyware Scan Details Start Date: 20.11.2005 17:30:00 End Date: 20.11.2005 18:07:28 Total Time: 37 mins 28 secs Detected spyware IST.ISTbar Browser Hijacker more information... Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar. Status: Deleted Infected files detected c:\programme\sidefind\sfbho.dll Infected registry entries detected HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist InstallDate 2005-10-03 07:38:21 HKEY_CURRENT_USER\software\ist account_id 1001693 HKEY_CURRENT_USER\software\ist config ysb_Crac*hier nicht!*_3 HKEY_CURRENT_USER\software\ist Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG HKEY_CURRENT_USER\software\ist referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006 HKEY_CURRENT_USER\software\ist exe_start 2 HKEY_CURRENT_USER\Software\Avenue Media HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2527 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2526 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2525 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510393 4186260669 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI18679 4186155765 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510410 4186339264 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TargetDir HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TAC Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer CLS wsi24 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RID c01 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Version 3.1.5 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ServerVisited 29748078,1704052912 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer UpdateInterval 43200 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ID 1-4954ee6c6b284fcf3c79e584 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer InstallT 1128324995 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer remember[LLT] 1130956272 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer PendingRemoval HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Conn 1345,5 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 403 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 404 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 410 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 500 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RemovedPrograms NE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer DisplayIcon C:\Program Files\Internet Optimizer\optimize.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer UninstallString "C:\Program Files\Internet Optimizer\optimize.exe" /u HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer DyFuCA_BH.BHObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj BHObj Class HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 BHObj Class HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127758588973894640 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127759225111618816 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127759367711374016 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127760275235256080 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127760789544200976 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127760915687586256 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127761164903636096 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127761673928978528 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127761847468687184 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127762581321804144 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127762736898018400 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127763497898567184 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127764279228193840 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127764440553967952 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127764573864407136 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127765155016787856 1766|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127765281378587200 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127765407398581392 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127766344568538032 1428|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127767030160016512 1668|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc\history 127767197659840624 1708|86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc version 1024 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc app_name istsvc.exe HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc ui 693A9DE5-0DA1-49d5-805E-85BDC13AD23A HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_initial_delay 600 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_count 92 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_day_count 2 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_day_limit 3 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_count 0 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_version 1024 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_count 96 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc account_id 1001693 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc app_date HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_interval 12600 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc popup_last HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_interval 86400 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc update_last HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_interval 432000 HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc config_last HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959} YourSiteBar Spyware more information... Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar. Status: Deleted Infected files detected c:\programme\yoursitebar\imagemap_normal.bmp c:\programme\yoursitebar\version.txt c:\programme\yoursitebar\yoursitebar.xml c:\winnt\downloaded program files\ysbactivex.dll Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 C:\WINNT\Downloaded Program Files\YSBactivex.dll HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658}\ProgID YSBactivex.Installer HKEY_CLASSES_ROOT\clsid\{42F2C9BA-614F-47c0-B3E3-ECFD34EED658} Installer Class HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} HKEY_CLASSES_ROOT\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} HKEY_LOCAL_MACHINE\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686} YourSiteBar HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Ysbactivex.installer Installer Class HKEY_CLASSES_ROOT\Ysbactivex.installer HKEY_CLASSES_ROOT\Ysbactivex.installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\Ysbactivex.installer Installer Class HKEY_CLASSES_ROOT\YSBactivex.Installer HKEY_CLASSES_ROOT\YSBactivex.Installer\CLSID {42F2C9BA-614F-47c0-B3E3-ECFD34EED658} HKEY_CLASSES_ROOT\YSBactivex.Installer Installer Class SurfAccuracy Adware more information... Status: Deleted Infected files detected c:\programme\surfaccuracy\license.lnk c:\programme\surfaccuracy\sacc.cfg c:\programme\surfaccuracy\sacc.exe Infected registry entries detected HKEY_LOCAL_MACHINE\Software\SAcc HKEY_LOCAL_MACHINE\Software\SAcc accid 104 HKEY_LOCAL_MACHINE\Software\SAcc subaccid 806 HKEY_LOCAL_MACHINE\Software\SAcc Version 1116 HKEY_LOCAL_MACHINE\Software\SAcc InstallDate 1130608263 HKEY_LOCAL_MACHINE\Software\SAcc CfgReloadAttempts 2 HKEY_LOCAL_MACHINE\Software\SAcc CfgReload 1132521018 HKEY_LOCAL_MACHINE\Software\SAcc SAData uid:fc499010658283cfe65853c8591478af-cnt:101-t:1132477214;1132496106;1132497301;-c:1516775;ce:1132563614|c:1517367;ce:1132582506|c:1517524;ce:1132583701|- HKEY_LOCAL_MACHINE\Software\SAcc Counter 84 HKEY_LOCAL_MACHINE\Software\SAcc NextInvoke 1132498409 IST.SideFind Adware more information... Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons. Status: Deleted Infected files detected c:\programme\sidefind\sfbho.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671} HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} IFinder HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da} HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib {58634367-D62B-4C2C-86BE-5AAC45CDB671} HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} IFinder HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da} HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping {10e42047-deb9-4535-a118-b3f6ec39b807} HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_CLASSES_ROOT\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} HKEY_CLASSES_ROOT\clsid\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} SideFind HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind shoppingautosearch true HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind webautosearch true HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}\Implemented Categories HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0 BrowserHelperObject 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA}\1.0 BrowserHelperObject 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind shoppingautosearch true HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind webautosearch true misc.winsoftware.winfixer Misc more information... Details: Typically part of a bundle attack, WinFixer is a disabled, data repair utility that nags the user to purchase. Status: Deleted Infected files detected c:\winnt\system32\drivers\df_kmd.sys C:\Programme\Gemeinsame Dateien\WinSoftware\CrXML.dll c:\programme\gemeinsame dateien\winsoftware\pcheck.dll Infected registry entries detected HKEY_CURRENT_USER\Software\WinSoftware HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} CheckProduct2 HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CurVer CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct CheckProduct Class HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 CheckProduct Class HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 ThreadingModel Both HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\ProgID CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\VersionIndependentProgID CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} CheckProduct Class HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} ICheckProduct HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\ HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware Winfixer Potentially Unwanted Software more information... Details: Winfixer is known to be installed through inappropriate bundling and without users consent. It is a software that scans the users system for damaged files and attempts to fix it if the user pays a fee. Status: Deleted Infected files detected C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll C:\WINNT\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.10\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.11\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.2\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.3\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.4\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.5\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.6\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.7\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.8\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\Downloaded Program Files\CONFLICT.9\UWFX5U_0001_LPNetInstaller.exe C:\WINNT\system32\drivers\df_kmd.sys Infected registry entries detected HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CurVer CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct CheckProduct Class HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 CheckProduct Class HKEY_CURRENT_USER\Software\WinSoftware HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 ThreadingModel Both HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\ProgID CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\VersionIndependentProgID CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B} CheckProduct Class HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_LOCAL_MACHINE\Software\WinSoftware AvenueMedia.DyFuCA Browser Plug-in more information... Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself. Status: Deleted Infected registry entries detected HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32 C:\WINNT\wsem303.dll HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID DyFuCA_BH.BHObj.1 HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID DyFuCA_BH.BHObj HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} BHObj Class HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 BHObj Class HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2527 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2526 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2525 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510393 4186260669 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI18679 4186155765 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510410 4186339264 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Version 3.0.1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Version 3.0.3 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2527 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2526 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2525 4186767810 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510393 4186260669 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI18679 4186155765 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510410 4186339264 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TargetDir HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TAC Yes HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer CLS wsi24 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RID c01 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Version 3.1.5 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ServerVisited 29748078,1704052912 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer UpdateInterval 43200 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ID 1-4954ee6c6b284fcf3c79e584 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer InstallT 1128324995 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer remember[LLT] 1130956272 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer PendingRemoval HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Conn 1345,5 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 403 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 404 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 410 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 500 1024 HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RemovedPrograms NE HKEY_LOCAL_MACHINE\software\avenue media HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 RawData HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 Version 3.0.1 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert Version 3.0.1 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 RawData HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 Data HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 DiffAll Yes HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 Version 3.0.3 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 RawData HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 DiffAll Yes HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 Version 3.0.3 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 RawData HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 Data HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 DiffAll Yes HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 Version 3.0.3 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE Version 3.0.3 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2527 4186767810 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2526 4186767810 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2525 4186767810 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI510393 4186260669 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI18679 4186155765 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI510410 4186339264 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TargetDir HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TAC Yes HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer CLS wsi24 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer RID c01 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Version 3.1.5 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ServerVisited 29748078,1704052912 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer UpdateInterval 43200 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ID 1-4954ee6c6b284fcf3c79e584 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer InstallT 1128324995 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer remember[LLT] 1130956272 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer PendingRemoval HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Conn 1345,5 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 403 1024 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 404 1024 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 410 1024 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 500 1024 HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer RemovedPrograms NE HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer DisplayIcon C:\Program Files\Internet Optimizer\optimize.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer UninstallString "C:\Program Files\Internet Optimizer\optimize.exe" /u HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc} HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\0\win32 C:\WINNT\wsem303.dll HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\HELPDIR C:\WINNT\ HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0 DyFuCA_BH 1.0 Type Library HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dyfuca HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1 HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1\CLSID {CEA206E8-8057-4A04-ACE9-FF0D69A92297} HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1 SinkObj Class HKEY_CLASSES_ROOT\dyfuca_bh.bhobj HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CurVer DyFuCA_BH.BHObj.1 HKEY_CLASSES_ROOT\dyfuca_bh.bhobj BHObj Class HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj\CLSID {CEA206E8-8057-4A04-ACE9-FF0D69A92297} HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj\CurVer DyFuCA_BH.SinkObj.1 HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj SinkObj Class HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout Comment HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout DComment YES HKEY_CURRENT_USER\Software\Policies\Avenue Media HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media HKEY_CURRENT_USER\Software\Avenue Media MoneyTree Dialer more information... Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\InprocServer32 C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\ProgID DyFuCA_BH.SinkObj.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\VersionIndependentProgID DyFuCA_BH.SinkObj HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} SinkObj Class HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\InprocServer32 C:\WINNT\wsem303.dll HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\InprocServer32 ThreadingModel Apartment HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ProgID DyFuCA_BH.BHObj.1 HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\VersionIndependentProgID DyFuCA_BH.BHObj HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} BHObj Class Xrenoder Browser Plug-in more information... Details: Xrenoder is a multi faceted Trojan. It is an Internet Explorer-Toolbar, homepage and search hijacker which resets your browser's home page and search settings to point to other affiliate sites. Xrenoder also displays pornographic popup ads. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\istsvc HKEY_LOCAL_MACHINE\software\istsvc\history 127758588973894640 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127759225111618816 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127759367711374016 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127760275235256080 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127760789544200976 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127760915687586256 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127761164903636096 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127761673928978528 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127761847468687184 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127762581321804144 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127762736898018400 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127763497898567184 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127764279228193840 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127764440553967952 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127764573864407136 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127765155016787856 1766|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127765281378587200 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127765407398581392 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127766344568538032 1428|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127767030160016512 1668|86400 HKEY_LOCAL_MACHINE\software\istsvc\history 127767197659840624 1708|86400 HKEY_LOCAL_MACHINE\software\istsvc version 1024 HKEY_LOCAL_MACHINE\software\istsvc app_name istsvc.exe HKEY_LOCAL_MACHINE\software\istsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php HKEY_LOCAL_MACHINE\software\istsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe HKEY_LOCAL_MACHINE\software\istsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php HKEY_LOCAL_MACHINE\software\istsvc ui 693A9DE5-0DA1-49d5-805E-85BDC13AD23A HKEY_LOCAL_MACHINE\software\istsvc popup_initial_delay 600 HKEY_LOCAL_MACHINE\software\istsvc popup_count 92 HKEY_LOCAL_MACHINE\software\istsvc popup_day_count 2 HKEY_LOCAL_MACHINE\software\istsvc popup_day_limit 3 HKEY_LOCAL_MACHINE\software\istsvc update_count 0 HKEY_LOCAL_MACHINE\software\istsvc update_version 1024 HKEY_LOCAL_MACHINE\software\istsvc config_count 96 HKEY_LOCAL_MACHINE\software\istsvc account_id 1001693 HKEY_LOCAL_MACHINE\software\istsvc app_date HKEY_LOCAL_MACHINE\software\istsvc popup_interval 12600 HKEY_LOCAL_MACHINE\software\istsvc popup_last HKEY_LOCAL_MACHINE\software\istsvc update_interval 86400 HKEY_LOCAL_MACHINE\software\istsvc update_last HKEY_LOCAL_MACHINE\software\istsvc config_interval 432000 HKEY_LOCAL_MACHINE\software\istsvc config_last HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959} Internet Optimizer Browser Hijacker more information... Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\software\avenue media HKEY_LOCAL_MACHINE\software\policies\avenue media HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671} HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer UninstallString "C:\Program Files\Internet Optimizer\optimize.exe" /u HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer DisplayIcon C:\Program Files\Internet Optimizer\optimize.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout DComment YES IST.PowerScan Adware more information... Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest HKEY_CURRENT_USER\software\ist HKEY_CURRENT_USER\software\ist InstallDate 2005-10-03 07:38:21 HKEY_CURRENT_USER\software\ist account_id 1001693 HKEY_CURRENT_USER\software\ist config ysb_Crac*hier nicht!*_3 HKEY_CURRENT_USER\software\ist Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG HKEY_CURRENT_USER\software\ist referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006 HKEY_CURRENT_USER\software\ist exe_start 2 IST.SlotchBar Toolbar more information... Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-03 07:38:21 HKEY_CURRENT_USER\Software\IST account_id 1001693 HKEY_CURRENT_USER\Software\IST config ysb_Crac*hier nicht!*_3 HKEY_CURRENT_USER\Software\IST Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG HKEY_CURRENT_USER\Software\IST referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006 HKEY_CURRENT_USER\Software\IST exe_start 2 IST.XXXToolbar Toolbar more information... Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running. Status: Deleted Infected files detected C:\Programme\SideFind\sfbho.dll Infected registry entries detected HKEY_CURRENT_USER\Software\IST HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-03 07:38:21 HKEY_CURRENT_USER\Software\IST account_id 1001693 HKEY_CURRENT_USER\Software\IST config ysb_Crac*hier nicht!*_3 HKEY_CURRENT_USER\Software\IST Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG HKEY_CURRENT_USER\Software\IST referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006 HKEY_CURRENT_USER\Software\IST exe_start 2 HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA} HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib Version 1.0 HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da} HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\ HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library WildTangent Low Risk Adware more information... Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user. Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\software\wildtangent Adw.WinSoftware.WinAntiSpyware Adware more information... Details: Adw.WinSoftware.WinAnitspyware is a rogue antispyware product which pesters users with scareware tactics to purchase the product. Status: Deleted Infected files detected c:\programme\gemeinsame dateien\winsoftware\pcheck.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CheckProduct2.DLL AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\ HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library HKEY_CURRENT_USER\Software\WinSoftware HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} CheckProduct2 HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CurVer CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct CheckProduct Class HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 CheckProduct Class HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 ThreadingModel Both HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\ProgID CheckProduct2.CheckProduct.1 HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\VersionIndependentProgID CheckProduct2.CheckProduct HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} CheckProduct Class HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} ICheckProduct HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B} HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\ HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware Bleeping: REGEDIT4 ; Registry Search by Bobbi Flekman ; Version: 1.0.2.1 ; Results at 20.11.2005 18:16:32 for strings: ; 'winfixer 2005' ; Strings excluded from search: ; 'winfixer 2005' ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... Und nun?? Ist er wieder gesund? Jessy |
|
|
||
20.11.2005, 18:28
Ehrenmitglied
Beiträge: 29434 |
#24
Jessy48
ja ..... nun muesste alles wieder gesund sein http://virus-protect.org/artikel/spyware/winfix.html TuneUp 2006 (30 Tage free) Shareware http://virus-protect.org/reinigungstoolsregistry.html wende an: Cleanup repair -- TuneUp Diskcleaner Cleanup repair -- Registry Cleaner __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.11.2005, 20:36
...neu hier
Themenstarter Beiträge: 6 |
#25
Hallo Sabina,
zunächst möchte ich mich noch einmal bedanken. Ich hoffe, dass ich jetzt zurecht komme. Grüße Tulip |
|
|
||
20.11.2005, 20:56
...neu hier
Beiträge: 1 |
#26
Hallo Sabina!
Ich bin schon vollkommen verzweifelt!!! Habe alles ausprobiert aber dieser doofe Cookie von Winfixer geht immmer wieder auf. Ich habe bereits Hijackthis heruntergeladen, wobei dies herauskommt: Logfile of HijackThis v1.99.1 Scan saved at 20:54:00, on 20.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\ewido\security suite\ewidoctrl.exe C:\Programme\ewido\security suite\ewidoguard.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Programme\T-DSL SpeedManager\tsmsvc.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe C:\Programme\QuickTime\qttask.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe C:\Programme\AVPersonal\AVGNT.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\AOL 9.0\aoltray.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\WinZip\winzip32.exe C:\unzipped\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.just-whitney.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://de.mcafee.com/apps/vso/de/vso9/default.asp?affid=105-38&dtag=36yqh1j O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IntelMeM] C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ZDogTS5] C:\WINDOWS\gishh.exe O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe O4 - HKLM\..\Run: [Á³#L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\gishh.exe O4 - HKLM\..\Run: [epgdut] C:\WINDOWS\epgdut.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe" O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [NI.UWFX5U] "C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe" O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [kffk] C:\PROGRA~1\COMMON~1\kffk\kffkm.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: Download All by FlashGet - C:\Downloads\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Downloads\jc_link.htm O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132506625812 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe Ich verstehe NICHTS mehr!!!! Kannst DU oder jemand anders mir helfen???? Bitte!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Gruß, Kati |
|
|
||
20.11.2005, 21:05
Ehrenmitglied
Beiträge: 29434 |
#27
Hallo@ KataKo23
Info: Winfixer http://virus-protect.org/artikel/spyware/winfix.html ------------------------------------------------------------------------------- VundoFix.exe http://www.atribune.org/downloads/VundoFix.exe http://virus-protect.org/artikel/tools/vundofix.html reinkopieren: C:\WINDOWS\system32\mljji.dll # Enter -> F6 --> Enter # dann wird erscheinen: Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix. # Enter --> dann die F6 Taste --> Enter reinkopieren: C:\WINDOWS\system32\ijjlm.* # Enter --> F6 --> Enter # HijackThis wird sich oeffnen # In HijackThis --> Haekchen setzen vor diese Eintraege --> FIX CHECKED: O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [ZDogTS5] C:\WINDOWS\gishh.exe O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe O4 - HKLM\..\Run: [Á³#L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\gishh.exe O4 - HKLM\..\Run: [epgdut] C:\WINDOWS\epgdut.exe O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [NI.UWFX5U] "C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe" O4 - HKCU\..\Run: [kffk] C:\PROGRA~1\COMMON~1\kffk\kffkm.exe O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll # schliesse Hijackthis, druecke irgendeine Taste und der PC wird neustarten # es wird einen"Blue Screen of Death" geben, das ist normal KILLBOX http://virus-protect.org/killbox.html Delete File on Reboot -- anhaken reinkopieren: ... und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" C:\PROGRA~1\COMMON~1\kffk\kffkm.exe C:\WINDOWS\system32\drivers\df_kmd.sys c:\programme\gemeinsame dateien\winsoftware\pcheck.dll C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe C:\PROGRA~1\COMMON~1\tsa\tsl2.exe C:\WINDOWS\epgdut.exe C:\WINDOWS\gishh.exe PC neustarten Killbox DelTree (include SubDirectories) Man will zum Beispiel einen Ordner löschen . Nun muss man nicht alle Dateien im Ordner einzeln eingeben, sondern klickt die Option DelTree (include subdirectories). Hierbei wird ein komplettes Archiv mitsamt der Unterordner gelöscht. C:\Programme\ISTsvc C:\PROGRA~1\COMMON~1\kffk C:\PROGRA~1\COMMON~1\tsa c:\programme\gemeinsame dateien\winsoftware C:\Programme\Kazaa Virenscanner Counterspy anwenden http://virus-protect.org/counterspy.html nach dem Scan muss man sich entscheiden für: *Ignore *Remove *Quarantaine wähle immer Remove und starte den PC neu loesche alle temp-Dateien mit CCleaner http://virus-protect.org/temp.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
21.11.2005, 11:18
...neu hier
Beiträge: 2 |
#28
Hi Sabina,
danke für deine Antwort vom 06.11. im anderen Thread (http://board.protecus.de/t18748-13.htm). War leider ne Zeit lang nicht online. Habe mittlerweile die LSPfix.exe ausgeführt. Die Systemwiederherstellung konnte ich noch nicht machen, da die Maschine in Englisch aufgesetzt ist und ich das hier nicht gefunden habe Weißt du auch, wie ich das hier finde? Wäre super lieb... Hier erstmal der neueste hijackthis.log: Logfile of HijackThis v1.99.1 Scan saved at 11:03:46, on 21.11.2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\PROGRA~1\NETSUP~1\client32.exe C:\Winprog\VirusScan\mcshield.exe C:\Winprog\VirusScan\vstskmgr.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\igfxtray.exe C:\WINNT\System32\hkcmd.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINNT\system32\NWTRAY.EXE C:\Winprog\VirusScan\SHSTAT.EXE C:\Program Files\SurfAccuracy\SAcc.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe C:\Program Files\QuickTime\qttask.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Winprog\Citrix\ICA Client\Wfcrun32.exe C:\Program Files\Netinst\NiAgnt32.exe C:\Winprog\Citrix\ICACLI~1\WFICA32.EXE C:\WINNT\System32\SCardSvr.exe C:\ClarifyCRM\eFrontOffice11.5\ClarifyClient\clarify.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\aygeral.OAAD\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\winprog\adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [ShStatEXE] "C:\Winprog\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [ioaoheej] C:\WINNT\system32\ioaoheej.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [seclogon] C:\WINNT\system32\seclogon.exe O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\sais.exe" O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZHxdm011XXDE O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c18.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: O17 - HKLM\System\CS1\Services\Tcpip\Parameters: O17 - HKLM\System\CS2\Services\Tcpip\Parameters: O17 - HKLM\System\CS2\Services\Tcpip\Parameters: O17 - HKLM\System\CCS\Services\Tcpip\Parameters: O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Winprog\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Winprog\VirusScan\vstskmgr.exe O23 - Service: NetInstall Service (NIAIServ) - NetSupport GmbH - C:\Program Files\NetInst\NiAiServ.exe O23 - Service: NetInstall Executive (NiExServ) - NetSupport GmbH - C:\Program Files\NetInst\NiExServ.exe O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE |
|
|
||
21.11.2005, 12:25
Ehrenmitglied
Beiträge: 29434 |
#29
gerry81
LSPfix http://www.spychecker.com/program/lspfix.html hake an: "I know what Im doing"--Remove und loesche die newdotnet6_98.dll (eventuell musst du die dll von links nach rechts bringen) Start--> Help and Support-->undo changes to your computer with the System Restore --> dort waehlst du einen Tag (Herstellungspunkt) soweit zurueck wie moeglich, der PC wird neustarten, dann poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
21.11.2005, 15:30
...neu hier
Beiträge: 2 |
#30
Hallo Sabrina,
ist mir schon fast peinlich, dass ich so gar keine Ahnung von PC's habe, deshalb hoffe ich wirklich, dass Du mir vielleicht bei meinem WinFixer Problem helfen kannst, ich bin da deswegen echt schon völlig entnervt ...Ich hab mich hier mal ein wenig umgesehen und gesehen,dass der erste Schritt also HiJackThis ist,das hab ich runtergeladen und hier ist also der Log: Logfile of HijackThis v1.99.1 Scan saved at 15:15:35, on 21.11.05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\HPOOPM07.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE C:\PROGRAMME\SURFACCURACY\SACC.EXE C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\STARTMENü\HIJACK\1_99_1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL F1 - win.ini: run=c:\windows\SYSTEM\cmmpu.exe O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [OEMRNCD] C:\WINDOWS\OPTIONS\CABS\OEMRNCD.EXE O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT.EXE run O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE\ICQLITE.EXE -trayboot O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://fred.gibraltarapes.com/download/dialer/eu_cax.cab O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.download-url.de/StarInstall.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab So,wie geht's jetzt weiter,was soll ich jetzt machen??? |
|
|
||
loesche:
c:\windows\system32\uninstal.exe
scanne noch mal mit counterspy
nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantaine
wähle immer Remove und starte den PC neu
-------------------------------
scanne mit panda und poste den scanreport
http://virus-protect.org/onlinescan.html
Zitat
__________
MfG Sabina
rund um die PC-Sicherheit