Removing WinFixer

20.11.2005, 12:19
Honorary member
Sabina

Posts: 29434
#16 aschelle

delete:
c:\windows\system32\uninstal.exe

scan again with CounterSpy

after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC
-------------------------------

scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html

Quote

Under "Control Panel" -> "Administrative Tools" start "Computer Management". Under "System" right-click "Device Manager" and choose "View". Enable "Show hidden devices" there.
Device Manager now shows all detected devices.
http://www.wcm.at/forum/showthread.php?threadid=178445

__________
Regards, Sabina

all about PC security
20.11.2005, 12:40
...new here

Thread starter

Posts: 6
#17 Hello,
I'll admit right now that I'm completely clueless. I just can't get Task Manager enabled. I've tried everything: customize, restore, and so on. It doesn't work.
What should I do?
Regards
Tulip
20.11.2005, 12:43
Honorary member
Sabina

Posts: 29434
#18 Hello tulip

Start --> Run --> regedit

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

DisableTaskMgr = "dword:00000001" <-- set to 0
DisableRegistryTools = "dword:00000001" <-- set to 0

restart the PC
__________
Regards, Sabina
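A check for the two policy values named in this reply, as an added example that is not part of the thread: instead of touching the registry it parses a regedit export of the key (File -> Export in regedit), reports which lockout values are set to 1, and builds the .reg fragment that resets them to 0. SAMPLE_EXPORT is a constructed stand-in for such an export.

```python
"""Check a regedit export of the Policies\\System key for the two lockout
values from the post above and build a .reg file that resets them to 0.
"""
import re

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
# Malware sets these to 1 to lock the user out of Task Manager and regedit;
# 0 (or an absent value) is the normal state.
LOCKOUT_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

# Constructed sample of what regedit exports from an infected profile
# (a real export file is UTF-16; open it with encoding="utf-16").
SAMPLE_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
"NoDispCPL"=dword:00000000
"""

_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for every dword value in the export.

    Key paths and value names are lower-cased because the registry itself
    compares them case-insensitively.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name").lower()] = int(m.group("hex"), 16)
    return keys


def find_lockouts(text):
    """Names (as spelled in LOCKOUT_VALUES) of lockout values set to non-zero."""
    values = parse_reg_export(text).get(POLICY_KEY.lower(), {})
    return [name for name in LOCKOUT_VALUES if values.get(name.lower(), 0) != 0]


def build_fix(text):
    """A .reg file that sets every active lockout value back to 0.

    Returns None when nothing is set, so the caller never imports an
    empty file.
    """
    hits = find_lockouts(text)
    if not hits:
        return None
    lines = ["Windows Registry Editor Version 5.00", "", f"[{POLICY_KEY}]"]
    lines += [f'"{name}"=dword:00000000' for name in hits]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("active lockouts:", find_lockouts(SAMPLE_EXPORT))
    print(build_fix(SAMPLE_EXPORT) or "nothing to fix")
```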
20.11.2005, 16:07
...new here

Posts: 2
#19 Hello Sabina,
today I've finally had enough of WinFixer; no matter what I do... it keeps coming back!!!
I've seen that you are the rescue for my problem :-)) And I have two problems: 1. WinFixer, 2. no clue about computers!!!
I've followed a few things and also downloaded this HijackThis, here is the data???

Logfile of HijackThis v1.99.1
Scan saved at 15:55:37, on 20.11.2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\locator.exe
C:\WINNT\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\cidaemon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\WinFixer 2005\WFX5.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Michael\LOKALE~1\Temp\Rar$EX02.090\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EreG] C:\WINNT\xurvd.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Programme\WinFixer 2005\WFX5.exe" /scan
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyPoker\PartyPoker.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://turnier.freenet.de/midasa.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_Crac*hier nicht!*.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB42D655-FCA9-44E3-8278-A6F4C012083C}: NameServer = 192.168.0.1
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Can you help me with this??

Best regards
Jessy
20.11.2005, 16:51
Honorary member
Sabina

Posts: 29434
#20 Jessy48

open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC

O4 - HKLM\..\Run: [EreG] C:\WINNT\xurvd.exe
O4 - HKCU\..\Run: [WinFixer 2005] "C:\Programme\WinFixer 2005\WFX5.exe" /scan
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

restart the PC

Killbox
http://virus-protect.org/killbox.html
DelTree (include SubDirectories)
Say you want to delete a folder. You don't have to enter every file in the folder individually; instead you click the option DelTree (include subdirectories).
This deletes the entire folder together with all its subfolders.

C:\Programme\WinFixer 2005

delete:
C:\WINNT\xurvd.exe

apply CleanUp
http://virus-protect.org/cleanup.html

look for an entry similar or identical to these and delete it if you find it
C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0802NetInstaller.exe
C:\WINNT\Downloaded Program Files\UWFX5UNetInstaller.exe
C:\WINNT\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe

CounterSpy
http://virus-protect.org/counterspy.html
Click: "Run a Spyware Scan Now"
- after the scan you have to choose between:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and post it in the security forum)

Download Registry Search
http://www.bleepingcomputer.com/files/regsearch.php
by Bobbi Flekman and double-click to start it. In "Enter search strings" type or paste:

WinFixer 2005

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

------------------
WinFixer info ;)
http://virus-protect.org/artikel/spyware/winfix.html
__________
Regards, Sabina
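The same triage this reply does by hand, as an added Python example that is neither part of the thread nor of HijackThis: it parses the O4 (autostart) and O16 (ActiveX download) lines of a log in the format posted above and flags entries for the reasons given. SAMPLE_LOG is constructed from the posted log, and KNOWN_BAD_HOSTS and the path keywords are only the indicators this thread names, not a general blocklist.

```python
"""Flag the O4 and O16 entries of a HijackThis log that match the
patterns singled out in the reply above."""
import re
from urllib.parse import urlsplit

# Constructed from the log posted in this thread (the blanked URL left out).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Programme\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINNT\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [EreG] C:\\WINNT\\xurvd.exe
O4 - HKCU\\..\\Run: [internat.exe] internat.exe
O4 - HKCU\\..\\Run: [WinFixer 2005] "C:\\Programme\\WinFixer 2005\\WFX5.exe" /scan
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://turnier.freenet.de/midasa.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
"""

# Indicators taken from this thread: the hosts behind the flagged O16 lines
# and the product names in the flagged O4 lines.
KNOWN_BAD_HOSTS = {"advnt01.com", "www.tbcode.com", "www.ysbweb.com"}
BAD_PATH_WORDS = ("/dialer/", "/ist/")
BAD_PRODUCT_WORDS = ("winfixer", "wfx5")
WINDOWS_ROOTS = ("c:\\winnt\\", "c:\\windows\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$"
)


def exe_path(cmd):
    """First token of a Run command: the quoted path or the bare executable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def check_o4(name, cmd):
    """Reasons to flag an autostart entry; empty list if it looks benign."""
    reasons, path = [], exe_path(cmd).lower()
    if any(w in path or w in name.lower() for w in BAD_PRODUCT_WORDS):
        reasons.append("autostart for a product named in this thread")
    for root in WINDOWS_ROOTS:
        # A loader dropped straight into %WINDIR% (not a subfolder) under a
        # name unrelated to its Run entry is the xurvd.exe pattern above.
        if path.startswith(root) and "\\" not in path[len(root):]:
            reasons.append("executable directly in the Windows directory")
    return reasons


def check_o16(url):
    """Reasons to flag a Downloaded Program Files (ActiveX) source URL."""
    reasons, parts = [], urlsplit(url)
    if parts.hostname in KNOWN_BAD_HOSTS:
        reasons.append(f"download host {parts.hostname} named in this thread")
    for word in BAD_PATH_WORDS:
        if word in parts.path.lower():
            reasons.append(f"URL path contains {word!r}")
    return reasons


def triage(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        m4, m16 = O4_RE.match(line), O16_RE.match(line)
        if m4:
            reasons = check_o4(m4["name"], m4["cmd"])
        elif m16:
            reasons = check_o16(m16["url"])
        else:
            continue
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line, "\n   ->", "; ".join(why))
```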
20.11.2005, 17:05
...new here

Posts: 5
#21 Hi Sabina,

I can't delete "c:\windows\system32\uninstal.exe". The file simply can't be found. I also can't "scan with Panda", because my internet security settings don't allow it. I'm also not enough of an expert to make any complicated settings here. The instructions in the "quote" don't bring back the contents of Device Manager either. And the forum offered via the LINK names a Windows update, KB 905749, as the culprit. I already installed that update on 15.10.05, but the contents of Device Manager have only been missing for 3 days. I'm just not getting anywhere. Do you have another idea? Could the Windows repair function perhaps help me?
Many thanks
Regards, aschelle
20.11.2005, 17:35
Honorary member
Sabina

Posts: 29434
#22 aschelle

yes, the Windows repair (or wiping C:\ right away and formatting C:\) is a good idea, give it a try and then report back ;)
__________
Regards, Sabina
20.11.2005, 18:19
...new here

Posts: 2
#23 Hello,

it's really unbelievable what my computer had on it!!!

CounterSpy:

Spyware Scan Details
Start Date: 20.11.2005 17:30:00
End Date: 20.11.2005 18:07:28
Total Time: 37 mins 28 secs

Detected spyware

IST.ISTbar Browser Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected files detected
c:\programme\sidefind\sfbho.dll

Infected registry entries detected


YourSiteBar Spyware more information...
Details: YourSiteBar from IST, the makers of numerous spyware Thread, is an affiliate based marketing toolbar.
Status: Deleted

Infected files detected
c:\programme\yoursitebar\imagemap_normal.bmp
c:\programme\yoursitebar\version.txt
c:\programme\yoursitebar\yoursitebar.xml
c:\winnt\downloaded program files\ysbactivex.dll

Infected registry entries detected


SurfAccuracy Adware more information...
Status: Deleted

Infected files detected
c:\programme\surfaccuracy\license.lnk
c:\programme\surfaccuracy\sacc.cfg
c:\programme\surfaccuracy\sacc.exe

Infected registry entries detected


IST.SideFind Adware more information...
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Deleted

Infected files detected
c:\programme\sidefind\sfbho.dll

Infected registry entries detected


misc.winsoftware.winfixer Misc more information...
Details: Typically part of a bundle attack, WinFixer is a disabled, data repair utility that nags the user to purchase.
Status: Deleted

Infected files detected
c:\winnt\system32\drivers\df_kmd.sys
C:\Programme\Gemeinsame Dateien\WinSoftware\CrXML.dll
c:\programme\gemeinsame dateien\winsoftware\pcheck.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware


Winfixer Potentially Unwanted Software more information...
Details: Winfixer is known to be installed through inappropriate bundling and without the user's consent. It is software that scans the user's system for damaged files and attempts to fix them if the user pays a fee.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
C:\WINNT\Downloaded Program Files\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.1\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.10\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.11\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.2\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.3\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.4\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.5\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.6\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.7\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.8\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\Downloaded Program Files\CONFLICT.9\UWFX5U_0001_LPNetInstaller.exe
C:\WINNT\system32\drivers\df_kmd.sys

Infected registry entries detected
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CurVer CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct CheckProduct Class
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 CheckProduct Class
HKEY_CURRENT_USER\Software\WinSoftware
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\ProgID CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B}\VersionIndependentProgID CheckProduct2.CheckProduct
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B} CheckProduct Class
HKEY_CLASSES_ROOT\clsid\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_LOCAL_MACHINE\Software\WinSoftware


AvenueMedia.DyFuCA Browser Plug-in more information...
Details: DyFuCA Internet Optimizer is adware that also hijacks your browser's error page. It periodically opens pop-up windows to display ads from its network sites and is also known to update itself.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32 C:\WINNT\wsem303.dll
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID DyFuCA_BH.BHObj.1
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID DyFuCA_BH.BHObj
HKEY_CLASSES_ROOT\clsid\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} BHObj Class
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj.1 BHObj Class
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Version 3.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2527 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2526 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2525 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510393 4186260669
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI18679 4186155765
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510410 4186339264
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 Version 3.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Version 3.0.1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 RawData
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Data
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 DiffAll Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Version 3.0.3
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2527 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2526 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI2525 4186767810
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510393 4186260669
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI18679 4186155765
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer\WSE RI510410 4186339264
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TargetDir
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer TAC Yes
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer CLS wsi24
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RID c01
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Version 3.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ServerVisited 29748078,1704052912
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer UpdateInterval 43200
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer ID 1-4954ee6c6b284fcf3c79e584
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer InstallT 1128324995
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer remember[LLT] 1130956272
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer PendingRemoval
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer Conn 1345,5
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 403 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 404 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 410 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer 500 1024
HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media\Internet Optimizer RemovedPrograms NE
HKEY_LOCAL_MACHINE\software\avenue media
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 RawData
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 TimeStamp 20040505223625
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert\cf1 Version 3.0.1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert Version 3.0.1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\Active Alert Target C:\Program Files\Internet Optimizer\actalert.exe
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 RawData
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 Data
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 DiffAll Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf1 Version 3.0.3
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 RawData
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 DiffAll Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf2 Version 3.0.3
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 RawData
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 Data
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 DiffAll Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 TimeStamp 20051014101708
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE\cf4 Version 3.0.3
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE Version 3.0.3
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE Options 1,Search Engine Optimization,1
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE ModuleFileName C:\WINNT\wsem303.dll
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2527 4186767810
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2526 4186767810
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI2525 4186767810
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI510393 4186260669
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI18679 4186155765
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer\WSE RI510410 4186339264
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TargetDir
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer TAC Yes
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer CLS wsi24
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer RID c01
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Version 3.1.5
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ServerVisited 29748078,1704052912
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer UpdateInterval 43200
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer ID 1-4954ee6c6b284fcf3c79e584
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer InstallT 1128324995
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer remember[LLT] 1130956272
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer PendingRemoval
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer Conn 1345,5
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 403 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 404 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 410 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer 500 1024
HKEY_LOCAL_MACHINE\software\avenue media\Internet Optimizer RemovedPrograms NE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer DisplayIcon C:\Program Files\Internet Optimizer\optimize.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\internet optimizer UninstallString "C:\Program Files\Internet Optimizer\optimize.exe" /u
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\0\win32 C:\WINNT\wsem303.dll
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0\HELPDIR C:\WINNT\
HKEY_CLASSES_ROOT\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\1.0 DyFuCA_BH 1.0 Type Library
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dyfuca
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1\CLSID {CEA206E8-8057-4A04-ACE9-FF0D69A92297}
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj.1 SinkObj Class
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CLSID {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj\CurVer DyFuCA_BH.BHObj.1
HKEY_CLASSES_ROOT\dyfuca_bh.bhobj BHObj Class
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj\CLSID {CEA206E8-8057-4A04-ACE9-FF0D69A92297}
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj\CurVer DyFuCA_BH.SinkObj.1
HKEY_CLASSES_ROOT\dyfuca_bh.sinkobj SinkObj Class
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout Comment
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion\uninstall\Kapabout DComment YES
HKEY_CURRENT_USER\Software\Policies\Avenue Media
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media
HKEY_CURRENT_USER\Software\Avenue Media


MoneyTree Dialer more information...
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\InprocServer32 C:\WINNT\wsem303.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\ProgID DyFuCA_BH.SinkObj.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\VersionIndependentProgID DyFuCA_BH.SinkObj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} SinkObj Class
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\InprocServer32 C:\WINNT\wsem303.dll
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ProgID DyFuCA_BH.BHObj.1
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\VersionIndependentProgID DyFuCA_BH.BHObj
HKEY_LOCAL_MACHINE\software\classes\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} BHObj Class


Xrenoder Browser Plug-in more information...
Details: Xrenoder is a multi-faceted Trojan. It is an Internet Explorer toolbar, homepage and search hijacker that resets your browser's home page and search settings to point to other affiliate sites. Xrenoder also displays pornographic pop-up ads.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\istsvc
HKEY_LOCAL_MACHINE\software\istsvc\history 127758588973894640 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127759225111618816 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127759367711374016 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127760275235256080 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127760789544200976 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127760915687586256 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127761164903636096 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127761673928978528 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127761847468687184 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127762581321804144 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127762736898018400 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127763497898567184 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127764279228193840 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127764440553967952 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127764573864407136 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127765155016787856 1766|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127765281378587200 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127765407398581392 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127766344568538032 1428|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127767030160016512 1668|86400
HKEY_LOCAL_MACHINE\software\istsvc\history 127767197659840624 1708|86400
HKEY_LOCAL_MACHINE\software\istsvc version 1024
HKEY_LOCAL_MACHINE\software\istsvc app_name istsvc.exe
HKEY_LOCAL_MACHINE\software\istsvc popup_url http://www.ysbweb.com/ist/scripts/istsvc_ads_data.php
HKEY_LOCAL_MACHINE\software\istsvc update_url http://cache.ysbweb.com/ist/softwares/istupdates/istsvc_updater.exe
HKEY_LOCAL_MACHINE\software\istsvc config_url http://www.ysbweb.com/ist/scripts/istsvc_config.php
HKEY_LOCAL_MACHINE\software\istsvc ui 693A9DE5-0DA1-49d5-805E-85BDC13AD23A
HKEY_LOCAL_MACHINE\software\istsvc popup_initial_delay 600
HKEY_LOCAL_MACHINE\software\istsvc popup_count 92
HKEY_LOCAL_MACHINE\software\istsvc popup_day_count 2
HKEY_LOCAL_MACHINE\software\istsvc popup_day_limit 3
HKEY_LOCAL_MACHINE\software\istsvc update_count 0
HKEY_LOCAL_MACHINE\software\istsvc update_version 1024
HKEY_LOCAL_MACHINE\software\istsvc config_count 96
HKEY_LOCAL_MACHINE\software\istsvc account_id 1001693
HKEY_LOCAL_MACHINE\software\istsvc app_date
HKEY_LOCAL_MACHINE\software\istsvc popup_interval 12600
HKEY_LOCAL_MACHINE\software\istsvc popup_last
HKEY_LOCAL_MACHINE\software\istsvc update_interval 86400
HKEY_LOCAL_MACHINE\software\istsvc update_last
HKEY_LOCAL_MACHINE\software\istsvc config_interval 432000
HKEY_LOCAL_MACHINE\software\istsvc config_last
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}


Internet Optimizer Browser Hijacker more information...
Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\avenue media
HKEY_LOCAL_MACHINE\software\policies\avenue media
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\
HKEY_CLASSES_ROOT\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\0\win32 C:\Programme\SideFind\sidefind.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0\HELPDIR C:\Programme\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\1.0 SideFind 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer UninstallString "C:\Program Files\Internet Optimizer\optimize.exe" /u
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer DisplayIcon C:\Program Files\Internet Optimizer\optimize.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout DComment YES


IST.PowerScan Adware more information...
Details: PowerScan is advertised through ordinary web pop-ups, but recently it started to install with help from the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist InstallDate 2005-10-03 07:38:21
HKEY_CURRENT_USER\software\ist account_id 1001693
HKEY_CURRENT_USER\software\ist config ysb_Crac*hier nicht!*_3
HKEY_CURRENT_USER\software\ist Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w­«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG
HKEY_CURRENT_USER\software\ist referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006
HKEY_CURRENT_USER\software\ist exe_start 2


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distribute on sites. Affiliates get paid per install of the toolbar.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-03 07:38:21
HKEY_CURRENT_USER\Software\IST account_id 1001693
HKEY_CURRENT_USER\Software\IST config ysb_Crac*hier nicht!*_3
HKEY_CURRENT_USER\Software\IST Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w­«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG
HKEY_CURRENT_USER\Software\IST referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006
HKEY_CURRENT_USER\Software\IST exe_start 2


IST.XXXToolbar Toolbar more information...
Details: Adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted

Infected files detected
C:\Programme\SideFind\sfbho.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST InstallDate 2005-10-03 07:38:21
HKEY_CURRENT_USER\Software\IST account_id 1001693
HKEY_CURRENT_USER\Software\IST config ysb_Crac*hier nicht!*_3
HKEY_CURRENT_USER\Software\IST Recover !ZpHc„ ž-SÖ¬²r×Í$’/X5(¥¢ÓaÌæ;w­«`ñÞ9lâñÐhu‡EÐìÝ ö!<ãSÈ|î£N€öé|}y¤Ô¢îŠ5Ý+Lo@FñcŠt£§ðEë¿äL:¤9Ý¡"b…X²Ô¾G‚S]:ŸËúèÀ÷5>Ž.ñ‚懔Œ]4óõG
HKEY_CURRENT_USER\Software\IST referer http%3A//www.Seri*hier nicht!*.com/%3Fs%3Dnorton+2006
HKEY_CURRENT_USER\Software\IST exe_start 2
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} IBHObj
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib {D0288A41-9855-4A9B-8316-BABE243648DA}
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543} IBAHelper
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib {0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC}
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} ISinkObj
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\0\win32 C:\Programme\SideFind\sfbho.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0\HELPDIR C:\Programme\SideFind\
HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\1.0 BrowserHelperObject 1.0 Type Library


WildTangent Low Risk Adware more information...
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\wildtangent


Adw.WinSoftware.WinAntiSpyware Adware more information...
Details: Adw.WinSoftware.WinAnitspyware is a rogue antispyware product which pesters users with scareware tactics to purchase the product.
Status: Deleted

Infected files detected
c:\programme\gemeinsame dateien\winsoftware\pcheck.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\CheckProduct2.DLL AppID {8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library
HKEY_CURRENT_USER\Software\WinSoftware
HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_CLASSES_ROOT\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603} CheckProduct2
HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL
HKEY_CLASSES_ROOT\AppID\CheckProduct2.DLL AppID {8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct\CurVer CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct CheckProduct Class
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1\CLSID {C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CheckProduct2.CheckProduct.1 CheckProduct Class
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\InprocServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\ProgID CheckProduct2.CheckProduct.1
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}\VersionIndependentProgID CheckProduct2.CheckProduct
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} CheckProduct Class
HKEY_CLASSES_ROOT\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B} AppID {8C65AEF6-E413-4314-815B-82717A3F1603}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib {30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA} ICheckProduct
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\0\win32 C:\Programme\Gemeinsame Dateien\WinSoftware\PCheck.dll
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0\HELPDIR C:\Programme\Gemeinsame Dateien\WinSoftware\
HKEY_CLASSES_ROOT\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}\1.0 CheckProduct2 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware

Bleeping:


REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.2.1

; Results at 20.11.2005 18:16:32 for strings:
; 'winfixer 2005'
; Strings excluded from search:
; 'winfixer 2005'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

And now?? Is it healthy again?

Jessy
20.11.2005, 18:28
Honorary member
Sabina

Posts: 29434
#24 Jessy48

yes .....lol now everything should be healthy again ;)
http://virus-protect.org/artikel/spyware/winfix.html

TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
__________
Kind regards, Sabina

all about PC security
20.11.2005, 20:36
...new here

Thread starter

Posts: 6
#25 Hello Sabina,
first of all I would like to thank you once more. I hope I can manage on my own now.
Regards
Tulip
20.11.2005, 20:56
...new here

Posts: 1
#26 Hello Sabina!
I am completely desperate by now!!! I have tried everything, but this stupid WinFixer cookie keeps popping up again and again.
I have already downloaded HijackThis, and this is what comes out:

Logfile of HijackThis v1.99.1
Scan saved at 20:54:00, on 20.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.just-whitney.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://de.mcafee.com/apps/vso/de/vso9/default.asp?affid=105-38&dtag=36yqh1j
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Programme\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZDogTS5] C:\WINDOWS\gishh.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\gishh.exe
O4 - HKLM\..\Run: [epgdut] C:\WINDOWS\epgdut.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [NI.UWFX5U] "C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kffk] C:\PROGRA~1\COMMON~1\kffk\kffkm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Downloads\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Downloads\jc_link.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132506625812
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe

I don't understand ANYTHING anymore!!!! Can YOU or someone else help me????
Please!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Regards, Kati
20.11.2005, 21:05
Honorary member
Sabina

Posts: 29434
#27 Hello @KataKo23

Info: Winfixer
http://virus-protect.org/artikel/spyware/winfix.html
-------------------------------------------------------------------------------
VundoFix.exe
http://www.atribune.org/downloads/VundoFix.exe
http://virus-protect.org/artikel/tools/vundofix.html

paste in:

C:\WINDOWS\system32\mljji.dll

# Enter --> F6 --> Enter
# then this will appear:

Please type in the second filepath as instructed by the forum staff Then Press Enter, Then F6, Then Enter Again to continue with the fix.

# Enter --> then the F6 key --> Enter
paste in:

C:\WINDOWS\system32\ijjlm.*

# Enter --> F6 --> Enter
# HijackThis will open
# In HijackThis --> tick the boxes in front of these entries --> FIX CHECKED:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [ZDogTS5] C:\WINDOWS\gishh.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\gishh.exe
O4 - HKLM\..\Run: [epgdut] C:\WINDOWS\epgdut.exe
O4 - HKLM\..\Run: [KAZAA] C:\Programme\Kazaa\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [NI.UWFX5U] "C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe"
O4 - HKCU\..\Run: [kffk] C:\PROGRA~1\COMMON~1\kffk\kffkm.exe
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll

# close HijackThis, press any key and the PC will restart
# there will be a "Blue Screen of Death", that is normal

KILLBOX
http://virus-protect.org/killbox.html
Delete File on Reboot -- tick
paste in:
...
and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only click "yes" on the last one

C:\PROGRA~1\COMMON~1\kffk\kffkm.exe
C:\WINDOWS\system32\drivers\df_kmd.sys
c:\programme\gemeinsame dateien\winsoftware\pcheck.dll
C:\Dokumente und Einstellungen\Katarzyna\Desktop\WinFixer2005ScannerInstallDE.exe
C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
C:\WINDOWS\epgdut.exe
C:\WINDOWS\gishh.exe

restart the PC

Killbox
DelTree (include SubDirectories)
Say you want to delete a folder, for example. Then you do not have to enter every file in the folder individually; instead, click the option DelTree (include subdirectories).
This deletes a complete archive together with its subfolders.

C:\Programme\ISTsvc
C:\PROGRA~1\COMMON~1\kffk
C:\PROGRA~1\COMMON~1\tsa
c:\programme\gemeinsame dateien\winsoftware
C:\Programme\Kazaa

Run the CounterSpy virus scanner
http://virus-protect.org/counterspy.html

after the scan you must choose between:

*Ignore
*Remove
*Quarantine

always choose Remove and restart the PC

delete all temp files with CCleaner
http://virus-protect.org/temp.html
__________
Kind regards, Sabina

all about PC security
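The fix list in #27 was built by reading the #26 log for a handful of patterns: COM registrations whose target is "(no file)", a Run value whose name is binary junk, and the one DLL (mljji.dll) that is loaded both as a BHO and as a Winlogon Notify handler, which is why it goes to VundoFix first and why the second path the tool asks for is the reversed basename ijjlm.*. Added example, not from this thread and not code from HijackThis or VundoFix: a small Python triage script that applies those same rules to HijackThis lines. The sample lines are copied from the log in #26; the names Entry, Finding, parse_line, triage and vundo_companion are this example's own.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt: eight lines copied from the HijackThis log posted in #26.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mljji.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\gishh.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljji - C:\WINDOWS\system32\mljji.dll
"""


@dataclass
class Entry:
    section: str            # HijackThis section: O2, O3, O4, O9 or O20
    name: str               # display name, Run value name or Notify subkey
    clsid: Optional[str]    # COM class id on O2/O3/O9 lines, else None
    target: str             # file path, "(no file)" or command line
    raw: str                # the original log line


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


# Line shapes HijackThis 1.99 uses for the sections handled here (example's own regexes).
COM_RE = re.compile(
    r"^(?P<section>O2|O3|O9) - [^:]+: (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
RUN_RE = re.compile(
    r"^(?P<section>O4) - (?P<hive>.+?): \[(?P<name>.*?)\] (?P<target>.*)$")
NOTIFY_RE = re.compile(
    r"^(?P<section>O20) - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; lines of other sections yield None."""
    line = line.strip()
    for rx in (COM_RE, RUN_RE, NOTIFY_RE):
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return Entry(d["section"], d["name"], d.get("clsid"), d["target"], line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply the rules the helper in #27 used by hand; return the flagged entries."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    bho_dlls = {e.target.lower() for e in entries if e.section == "O2"}
    notify_dlls = {e.target.lower() for e in entries if e.section == "O20"}
    findings = []
    for e in entries:
        reasons = []
        # O2/O3/O9 whose CLSID points at nothing on disk: dead registration.
        if e.section in ("O2", "O3", "O9") and e.target == "(no file)":
            reasons.append("orphaned COM registration, target is (no file)")
        # Run value names are normally plain ASCII; binary junk in the name is not.
        if e.section == "O4" and any(ord(c) < 32 or ord(c) > 126 for c in e.name):
            reasons.append("Run value name contains non-ASCII or control characters")
        # One DLL loaded both as BHO and as Winlogon Notify handler is the
        # pairing the post sends to VundoFix (mljji.dll in the #26 log).
        if e.section == "O20" and e.target.lower() in bho_dlls:
            reasons.append("Winlogon Notify DLL is also registered as a BHO")
        if e.section == "O2" and e.target.lower() in notify_dlls:
            reasons.append("BHO DLL is also a Winlogon Notify handler")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


def vundo_companion(dll_path: str) -> str:
    r"""Second path VundoFix asks for: same folder, basename reversed, any extension
    (C:\WINDOWS\system32\mljji.dll -> C:\WINDOWS\system32\ijjlm.*), as in the post."""
    directory, sep, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{directory}{sep}{stem[::-1]}.*"


if __name__ == "__main__":
    # Pass a saved hijackthis.log as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in triage(text):
        print(f.entry.raw)
        for r in f.reasons:
            print("   ->", r)
        if f.entry.section == "O20" and any("BHO" in r for r in f.reasons):
            print("   VundoFix second path:", vundo_companion(f.entry.target))
```

The script only reports; it changes nothing on the machine. Lines from sections it does not know (O8, O16, O23 and so on) are skipped, so a clean run on a full log means "nothing matched these four rules", not "nothing wrong".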
21.11.2005, 11:18
...new here

Posts: 2
#28 Hi Sabina,

thanks for your reply of 06.11. in the other thread (http://board.protecus.de/t18748-13.htm). Unfortunately I was not online for a while. I have since run LSPfix.exe. I could not do the System Restore yet, because the machine is set up in English and I could not find it here ;)
Do you also know how I can find it here? That would be really kind... ;)

First, here is the latest hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:46, on 21.11.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Winprog\VirusScan\mcshield.exe
C:\Winprog\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Winprog\VirusScan\SHSTAT.EXE
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Winprog\Citrix\ICA Client\Wfcrun32.exe
C:\Program Files\Netinst\NiAgnt32.exe
C:\Winprog\Citrix\ICACLI~1\WFICA32.EXE
C:\WINNT\System32\SCardSvr.exe
C:\ClarifyCRM\eFrontOffice11.5\ClarifyClient\clarify.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\aygeral.OAAD\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\winprog\adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Winprog\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [ioaoheej] C:\WINNT\system32\ioaoheej.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [seclogon] C:\WINNT\system32\seclogon.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\sais.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZHxdm011XXDE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c18.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:
O17 - HKLM\System\CS2\Services\Tcpip\Parameters:
O17 - HKLM\System\CS2\Services\Tcpip\Parameters:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
O20 - AppInit_DLLs: C:\PROGRA~1\NetInst\NiAMH.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Winprog\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Winprog\VirusScan\vstskmgr.exe
O23 - Service: NetInstall Service (NIAIServ) - NetSupport GmbH - C:\Program Files\NetInst\NiAiServ.exe
O23 - Service: NetInstall Executive (NiExServ) - NetSupport GmbH - C:\Program Files\NetInst\NiExServ.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE
21.11.2005, 12:25
Honorary member
Sabina

Posts: 29434
#29 gerry81

LSPfix
http://www.spychecker.com/program/lspfix.html

tick: "I know what I'm doing" -- Remove
and delete newdotnet6_98.dll
(you may have to move the dll from the left to the right)

Start--> Help and Support-->undo changes to your computer with the System Restore -->

there, choose a day (restore point) as far back as possible; the PC will restart, then post the new HijackThis log
__________
Kind regards, Sabina

all about PC security
21.11.2005, 15:30
...new here

Posts: 2
#30 Hello Sabina,
I am almost embarrassed that I have no clue about PCs at all, so I really hope you can maybe help me with my WinFixer problem; I am really completely fed up with it by now ... I have looked around here a bit and seen that the first step is HijackThis, so I downloaded it and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 15:15:35, on 21.11.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\NSVSVC\NSVSVC.EXE
C:\PROGRAMME\SURFACCURACY\SACC.EXE
C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\STARTMENü\HIJACK\1_99_1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
F1 - win.ini: run=c:\windows\SYSTEM\cmmpu.exe
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [OEMRNCD] C:\WINDOWS\OPTIONS\CABS\OEMRNCD.EXE
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Welcome] C:\WINDOWS\Welcome.exe /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SAHBundle] C:\WINDOWS\TEMP\SAHAGENT.EXE run
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\SYSTEM\VIDMON\VIDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [minilog] C:\WINDOWS\SYSTEM\ZoneLabs\MINILOG.EXE -service
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAMME\ICQLITE\ICQLITE\ICQLITE.EXE -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQLITE\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite\ICQLite.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://fred.gibraltarapes.com/download/dialer/eu_cax.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} - http://install.download-url.de/StarInstall.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002245.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab


So, what happens next, what should I do now???