Can't get rid of WINFIXER2005 (with Hijack log file)

24.11.2005, 10:59
...new here

Posts: 5
#1 Hello,

Can anyone here possibly help me? I'm completely overwhelmed by the WinFixer problem and have no idea what I need to do to delete WinFixer. Here is my HijackThis log file. I hope you can find the problem.


Logfile of HijackThis v1.99.1
Scan saved at 10:52:49, on 24.11.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMME\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMME\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\INTERNET OPTIMIZER\OPTIMIZE.EXE
C:\WINDOWS\CUVGOVIT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AEUYP\OOYPK.EXE
C:\PROGRAMME\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INTERNET OPTIMIZER\ACTALERT.EXE
C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMME\WIDCOMM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\PROGRAMME\WIDCOMM\BLUETOOTH SOFTWARE\BTSTACKSERVER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DOWNLOADS\HIJACKTHIS(1)\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMME\FLASHGET\JCCATCH.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAMME\SIDEFIND\SFBHO.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMME\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B:Software\Ambient\HaM
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BtStart] C:\Programme\WIDCOMM\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [ WinStart] C:\WINDOWS\Connection Wizard\Status\services.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FbNVfB] C:\WINDOWS\CUVGOVIT.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [FbNV÷h$vùõš/‚²‘ÆßfC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\CUVGOVIT.EXE
O4 - HKLM\..\Run: [Vxalk] C:\PROGRAM FILES\AEUYP\OOYPK.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [CVPND] "C:\Programme\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Reminder] C:\Programme\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRAMME\FLASHGET\jc_link.htm
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRAMME\FLASHGET\jc_all.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMME\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMME\FLASHGET\FLASHGET.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMME\SIDEFIND\SIDEFIND.DLL (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 132.230.200.200,194.25.2.129,132.230.200.201


It would be fantastic if one of you has found something in this jumble and could briefly write me what I should do to fix the problem.

Many thanks!!!

Regards

Michael
24.11.2005, 12:00
...new here

Posts: 2
#2 Solution: Remove Winfix2005 - Winfixer is gone - WINXP operating system

The following worked; the PC has now been running for 4 hours without Winfix

1. Run - "regedit" - search for "winfix"
- delete ALL entries that are found (approx. 6)
2. use "Ctrl-Alt-Del" to open the Task Manager:
- remove the program UW...installer.exe
2.a find the two files (WINFIX2005 + UW*.exe; they are usually in the temp folder under Windows) and delete them....
3. Run "msconfig": disable the corresponding programs UW...installer.exe

restart - hope - that helped for us
24.11.2005, 12:33
...new here

Thread starter

Posts: 5
#3 Thanks for the quick reply,

unfortunately my regedit doesn't find any winfix or winfixer. When I press Ctrl-Alt-Del I also don't find any entry with UW...
On the hard disk (in the Windows folder) I also don't find any Winfix or UW.. or Winfixer files.

No idea why it doesn't find anything on my machine; maybe it's down to the different operating systems. But your solution to the problem will probably not work for me, unfortunately.

Thanks anyway for your efforts.

Regards

Michael
24.11.2005, 13:25
Honorary member
Sabina

Posts: 29434
#4 DeeLoc

open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAMME\SIDEFIND\SFBHO.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FbNVfB] C:\WINDOWS\CUVGOVIT.EXE
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [FbNV÷h$vùõš/‚²‘ÆßfC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\CUVGOVIT.EXE
O4 - HKLM\..\Run: [Vxalk] C:\PROGRAM FILES\AEUYP\OOYPK.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_Crac*hier nicht!*.cab

Restart the PC

uninstall:
SIDEFIND
ISTsvc
Internet Optimizer

delete --> you can do this with the Killbox
http://virus-protect.org/killbox.html
or manually

C:\WINDOWS\CUVGOVIT.EXE
C:\Programme\ISTsvc
C:\Program Files\Internet Optimizer
C:\WINDOWS\NEM220.DLL
C:\WINDOWS\WSEM303.DLL
C:\PROGRAMME\SIDEFIND

run CleanUp
http://virus-protect.org/cleanup.html

counterspy
http://virus-protect.org/counterspy.html
Click: "Run a Spyware Scan Now"
- after the scan you have to choose between:

*Ignore
*Remove
*Quarantine

always choose Remove and restart the PC (then copy the scan report and post it in the security forum)

afterwards, also scan with ewido
http://virus-protect.org/ewido.html
__________
Regards, Sabina

all about PC security
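
Added example, not part of the original post and not HijackThis's own code: a small Python check for the "Fix checked" procedure above. It confirms that every line of the fix list occurs in the original scan and, after the reboot, reports which of them a rescan still shows. The function names are hypothetical, the rescan text (including its differently decoded value name) is constructed sample data, and comparing value names by collapsing non-ASCII runs is an assumption.

```python
import re
from collections import Counter

# HijackThis section codes that occur in the fix list of post #4.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "O4 - <body>"
O4_NAME_RE = re.compile(r"^[^:]+: \[(.*?)\] ")     # "<key>: [<name>] <command>"
NON_ASCII = re.compile(r"[^\x20-\x7e]+")

# Excerpt of the scan in post #1.
SCAN = r"""
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMME\FLASHGET\JCCATCH.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FbNV÷h$vùõš/‚²‘ÆßfC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\CUVGOVIT.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Excerpt of the fix list in post #4.
FIX = r"""
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [FbNV÷h$vùõš/‚²‘ÆßfC:\Programme\ISTsvc\istsvc.exe] C:\WINDOWS\CUVGOVIT.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

# Constructed rescan after "Fix checked" and a reboot: one autostart entry
# survived, and its raw-byte name was decoded with another code page.
RESCAN = r"""
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMME\FLASHGET\JCCATCH.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [FbNV¸h$v¨§Ü/é²æ£áfC:\PROGRAMME\ISTSVC\ISTSVC.EXE] C:\Windows\cuvgovit.exe
"""


def parse(text):
    """Return [(code, body)] for each 'Xn - ...' line; the header and the
    process list do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def key(code, body):
    """Comparison key: spaces collapsed, case folded, and each run of
    characters outside printable ASCII replaced by a single '?', so a name
    made of raw bytes compares equal however a paste re-encoded it."""
    body = re.sub(r"[ \t]+", " ", body).strip()
    return code + " - " + NON_ASCII.sub("?", body).casefold()


def raw_byte_names(entries):
    """O4 registry entries whose value name holds non-printable-ASCII bytes."""
    hits = []
    for code, body in entries:
        m = O4_NAME_RE.match(body) if code == "O4" else None
        if m and NON_ASCII.search(m.group(1)):
            hits.append(body)
    return hits


def verify(scan_text, fix_text, rescan_text):
    """Check the fix list against the first scan and against the rescan."""
    scan = {key(c, b) for c, b in parse(scan_text)}
    rescan = {key(c, b) for c, b in parse(rescan_text)}
    fix = parse(fix_text)
    return {
        "by_section": Counter(c for c, _ in fix),
        "not_in_scan": [b for c, b in fix if key(c, b) not in scan],
        "still_present": [b for c, b in fix if key(c, b) in rescan],
        "raw_byte_names": raw_byte_names(fix),
    }


if __name__ == "__main__":
    result = verify(SCAN, FIX, RESCAN)
    for code, count in result["by_section"].items():
        print(f"{code:4} {SECTIONS.get(code, 'other')}: {count} to fix")
    for body in result["not_in_scan"]:
        print("fix-list line not found in scan:", ascii(body))
    for body in result["still_present"]:
        print("still present after fix:", ascii(body))
    for body in result["raw_byte_names"]:
        print("value name with raw bytes:", ascii(body))
```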
25.11.2005, 07:40
...new here

Thread starter

Posts: 5
#5 Hi

First of all, thanks for your help.
I've now done everything the way you wrote it, and here is the scan report from Counterspy:

Spyware Scan Details
Start Date: 24.11.2005 22:35:02
End Date: 24.11.2005 22:48:00
Total Time: 12 mins 58 secs

Detected spyware

NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Ignored

Infected files detected
c:\windows\ndnuninstall6_38.exe
c:\WINDOWS\NDNuninstall6_98.exe


IST.PowerScan Adware more information...
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Ignored

Infected files detected
c:\programme\power scan\uninstall.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main bandrest
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist InstallDate 2005-11-14 21:40:57
HKEY_CURRENT_USER\software\ist account_id 138770
HKEY_CURRENT_USER\software\ist config mtb_c
HKEY_CURRENT_USER\software\ist referer http%3A//www.Crac*hier nicht!*.am/d.x%3F65157
HKEY_CURRENT_USER\software\ist NeverISTsvc 1


IST.ISTbar Browser Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Ignored

Infected files detected
c:\programme\istbar\xml_istbar.xml
c:\programme\istbar\imagemap_normal.bmp
c:\programme\istbar\imagemap_over.bmp
c:\programme\istbar\version.txt
c:\_RESTORE\TEMP\A0048566.CPY

Infected registry entries detected


SurfAccuracy Adware more information...
Status: Ignored

Infected files detected
c:\programme\surfaccuracy\saccu.exe

Infected registry entries detected


AvenueMedia.DyFuCA Browser Plug-in more information...
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Ignored

Infected files detected
c:\_RESTORE\TEMP\A0048577.CPY
c:\_RESTORE\TEMP\A0048580.CPY
c:\Downloads\hijackthis(1)\backups\backup-20051124-213647-350.dll

Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media
HKEY_CURRENT_USER\Software\Avenue Media


Internet Optimizer Browser Hijacker more information...
Details: Internet Optimizer hijacks error pages and redirects them to its own controlling server at http://www.internet-optimizer.com.
Status: Ignored

Infected files detected
c:\_RESTORE\TEMP\A0048578.CPY
c:\_RESTORE\TEMP\A0048579.CPY

Infected registry entries detected


IST.SideFind Adware more information...
Details: SideFind installs an adware Internet Explorer browser helper object that installs some extra buttons.
Status: Ignored

Infected files detected
c:\_RESTORE\TEMP\A0048936.CPY
c:\_RESTORE\TEMP\A0048939.CPY
c:\Downloads\hijackthis(1)\backups\backup-20051124-213647-528.dll

Infected registry entries detected


Unclassified.Spyware.57 Spyware more information...
Status: Ignored

Infected files detected
c:\_RESTORE\TEMP\A0048941.CPY
c:\!KillBox\CUVGOVIT.EXE


Active Alert Potentially dangerous utilities/tools more information...
Details: Exploits vulnerabilities in Windows Explorer
Status: Ignored

Infected files detected
c:\Downloads\hijackthis(1)\backups\backup-20051124-213647-570.dll


Accoona.Toolbar Toolbar more information...
Details: The Accoona Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
Status: Ignored

Infected files detected
c:\Program Files\Accoona\quiesce.exe

MoneyTree Dialer more information...
Details: MoneyTree is an ActiveX control used to download premium-rate dialers, generally for porn sites. Each time MoneyTree is run, on system startup, it tries to connect to a pornographic website.
Status: Ignored

Infected registry entries detected


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\wusn.1
HKEY_LOCAL_MACHINE\software\classes\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id


IST.ISTbar.ActiveX Spyware more information...
Details: ISTactivex is an Internet Explorer hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll .Owner {7C559105-9ECF-42B8-B3F7-832E75EDD959}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll {7C559105-9ECF-42B8-B3F7-832E75EDD959}


Cydoor Adware more information...
Details: Cydoor is an adware program that downloads advertisements from a server and displays them on your computer.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adsupport_277
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adsupport_277 DisplayName FlashGet ads support
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adsupport_277 UninstallString RunDll32 C:\WINDOWS\SYSTEM\cd_clint.dll,ServiceRunDll u_277
HKEY_USERS\.default\software\cydoor services
HKEY_CURRENT_USER\software\cydoor services


IST.SlotchBar Toolbar more information...
Details: An adware toolbar program for affiliates to distrubute on sites. Affiliates get paid per install of the toolbar.
Status: Ignored

Infected registry entries detected


IST.ISTbar.ContentMatchControl Browser Plug-in more information...
Details: IST.ISTbar.ContentMatchControlis an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar. IST.ISTbar.ContentMatchControl is part of the IST.ISTbar product.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{DC341F1B-EC77-47BE-8F58-96E83861CC5A}
HKEY_CLASSES_ROOT\clsid\{DC341F1B-EC77-47BE-8F58-96E83861CC5A}\Properties Ticket 02545916161285
HKEY_CLASSES_ROOT\clsid\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} MirarAdTag Class


TinyBar Browser Hijacker more information...
Details: TinyBar is an Internet Explorer toolbar that adds registry entries that use the Windows system file shdocvw.dll to display a web page as a toolbar.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\istactivex.dll


WhenU.WhenUSearch Low Risk Adware more information...
Details: a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


I then removed pretty much everything there.

Do you need anything else? E.g. a new Hijack scan or something?

See you
Regards
25.11.2005, 11:46
Honorary member
Sabina

Posts: 29434
#6 You have everything set to: Ignored
Set everything to Remove and restart the PC

--------------------------------------------------------

After that, also scan with ewido --> post the scan report
http://virus-protect.org/ewido.html
__________
Kind regards, Sabina

All about PC security
26.11.2005, 14:24
...new here

Thread starter

Posts: 5
#7 Hi

I ran CounterSpy again and also chose remove for the 5 things it still found. Now it doesn't find anything anymore.

Unfortunately I can't use Ewido, since I have Win ME and it doesn't work there.

Is there anything else I can do?

Thank you very much
26.11.2005, 15:10
Honorary member
Sabina

Posts: 29434
#8 Scan and post the scan report
http://virus-protect.org/cureit.html
__________
Kind regards, Sabina

All about PC security
28.11.2005, 08:20
...new here

Thread starter

Posts: 5
#9 Hi

Unfortunately I don't know how to post the scan report from cureit, but the scan only found one suspicious file, and that was a "möglicherweise BACKDOOR.Trojan" ("possibly BACKDOOR.Trojan"), in the directory "C:\Programme\Sunbelt Software\CounterSpy\Consumer".
I think that's nothing, since it's the other virus scanner.

Regards
Michael
28.11.2005, 12:18
Honorary member
Sabina

Posts: 29434
#10 It was probably a file that CounterSpy still had in quarantine ;)
Everything should be fine again now ;)
Or are there still pop-ups?
__________
Kind regards, Sabina

All about PC security
28.11.2005, 12:52
...new here

Posts: 3
#11 Hello everyone,
as I've been able to see, there are some people here who are excellent at dealing with other people's problems. Unfortunately I'm a newbie in the area of computer problems (viruses, trojans, WinFixer, malware).

For some time now I have also been having problems with WinFixer, which tries to download and install itself every time I'm online, even though I always decline.

I have already read through several threads and read up on HJT. I ran a scan with it and am posting my log here. I hope someone can help me fix the problem and maybe recommend a good antivirus program to prevent such problems.

Thanks to you all in advance

Here is the log

Logfile of HijackThis v1.99.1
Scan saved at 12:31:04, on 28.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Dokumente und Einstellungen\PIMP\Eigene Dateien\PC Zubehör\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programme\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Programme\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.de/de/engine/aolcinst_de_de.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{814CDC85-9C96-43A0-B282-C8616D5A315D}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
28.11.2005, 13:37
Honorary member
Sabina

Posts: 29434
#12 Stormrider

LSPfix
http://www.spychecker.com/program/lspfix.html
write to me which dll you find there
__________
Regards, Sabina

all about PC security
30.11.2005, 15:56
...new here

Posts: 3
#13 Hello,
Sorry that I can't reply so quickly, I'm not online often.

here are the DLLs:

mswsock.dll
winrnr.dll
newdotnet6_98.dll
rsvpsp.dll
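
Added example (not part of the original posts): a Python sketch that reads the O4/O10 lines of the HijackThis log in post #11 together with the LSPFix DLL list from post #13 and picks out the Winsock provider that does not belong to Windows. The function names and the baseline set of Windows XP providers are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the HijackThis log posted in #11.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
"""

# Winsock provider DLLs in the order reported in post #13.
LSP_CHAIN = ["mswsock.dll", "winrnr.dll", "newdotnet6_98.dll", "rsvpsp.dll"]

# Assumption: providers shipped with Windows XP; extend for other builds.
WINDOWS_DEFAULT_PROVIDERS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Group HijackThis entries by section code (R0, O4, O10, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def lsp_hijackers(sections):
    """Vendor names taken from O10 'Hijacked Internet access by X' entries."""
    names = set()
    for body in sections.get("O10", []):
        m = re.match(r"Hijacked Internet access by (.+)$", body)
        if m:
            names.add(m.group(1).strip())
    return sorted(names)

def foreign_providers(chain, baseline=WINDOWS_DEFAULT_PROVIDERS):
    """DLLs in the Winsock chain that are not in the baseline, in chain order."""
    return [dll for dll in chain if dll.lower() not in baseline]

def related_autoruns(sections, vendor):
    """O4 autorun entries that mention the vendor, ignoring punctuation and case."""
    squash = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())
    return [b for b in sections.get("O4", []) if squash(vendor) in squash(b)]
```

Deleting a foreign provider DLL by hand leaves a gap in the Winsock provider chain and can cut off network access, so the entry is removed with a tool that repairs the chain, such as the LSPFix linked in post #12.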