Spyware Scan Details
Start Date: 19.09.2006 15:20:50
End Date: 19.09.2006 16:56:08
Total Time: 1 hrs 35 mins 18 secs
Detected spyware
IEPlugin Adware (General)
Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
Status: Deleted
Infected files detected
c:\windows\eltupt.exe
c:\windows\lu.dat
C:\Dokumente und Einstellungen\KOJIC MILAN\Lokale Einstellungen\Temp\eltupt.exe
Infected registry entries detected
Spybot CC Backdoor
Details: Spybot-CC is a backdoor Trojan and worm which spreads via file sharing on Kazaa P2P networks and by copying itself to network shares that have weak password protection on the $ADMIN share.
Status: Deleted
BrowserAid Browser Plug-in
Details: BrowserAid is a group of Internet Explorer software toolbars which are installed without the user's consent (most).
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\kojic misa\anwendungsdaten\browser pal\pstopper.sts
c:\windows\system32\stlbupdt.dll
Infected registry entries detected
NetPumper Adware Bundler
Details: Bundles with a number of adware components.
Status: Deleted
Infected files detected
Infected registry entries detected
Delfin.WebBar Browser Plug-in
Details: Delfin WebBar adds a generic search bar to Internet Explorer that submits searches to the author's web site.
Status: Deleted
Infected files detected
c:\programme\appliedsearch_autoinstall\bar.dll
c:\programme\appliedsearch_autoinstall\bar.ini
c:\programme\appliedsearch_autoinstall\logo.bmp
Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{6600D22D-083F-11D6-99DE-D172E92EBC2A}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6600D22E-083F-11D6-99DE-D172E92EBC2A}\TypeLib Version 1.0
eXact.SearchBar Browser Plug-in
Details: eXactSearchBar is an Internet Explorer toolbar with standard search features that performs targeted advertising based on the computer usage and the URLs associated with Web pages.
Status: Deleted
Infected files detected
c:\windows\system32\exacctsetup3.exe
c:\windows\system32\ezstubi.exe
c:\windows\system32\exactsetup.dll
Claria.GAIN.CommonElements Adware (General)
Details: Claria's GAIN network consists of several applications including Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted
Infected files detected
c:\windows\gatorpatch.log
IGetNet Hijacker
Details: IGetNet is a browser hijacker that is implemented as an Internet Explorer BHO. When you enter something into the address bar, IGetNet checks to see whether it includes a keyword they have sold to one of their advertisers.
Status: Deleted
Infected files detected
c:\windows\system\update_removeold.dll
c:\windows\system\rules.dat
Infected registry entries detected
Transponder.MsView Adware (General)
Status: Deleted
Infected files detected
c:\windows\inf\msview.inf
NewDotNet Browser Plug-in
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted
Infected files detected
c:\windows\ndnuninstall4_50.exe
WhenU.WeatherCast Low Risk Adware
Details: WeatherCast is an ad-supported desktop weather program that puts an icon in the system tray displaying the local temperature. It also offers current weather data and forecasts. Weathercast is often bundled with the Save advertising program and/or th
Status: Deleted
Infected files detected
c:\windows\downloaded program files\saveinst.inf
Infected registry entries detected
ABetterInternet Adware (General)
Details: ABetterInternet shows advertisements based on the web pages you view and the web sites you visit.
Status: Deleted
Infected files detected
c:\windows\susp.ini
Comet Cursor Browser Plug-in
Details: Comet Cursor is a browser plug-in which logs web information like cookies, IP addresses etc.
Status: Deleted
Infected files detected
c:\windows\inf\dm.inf
c:\windows\inf\dm.pnf
Infected registry entries detected
TopRebates.WebRebates Browser Plug-in
Details: TopRebates is a browser toolbar that can display pop-up advertisements and monitor your Web browsing activities.
Status: Deleted
Infected files detected
c:\windows\artmmp.ini
FavoriteMan Browser Plug-in
Details: FavoriteMan is an Internet Explorer Browser Helper Object (BHO) that intermittently connects to its controlling servers which may direct it to download and install other programs and add entries to the IE Favorites menu or background Desktop.
Status: Deleted
Infected files detected
c:\windows\system32\sysldr.dll
Infected registry entries detected
HKEY_CURRENT_USER\Software\Microsoft\Windows Counter
HKEY_CURRENT_USER\Software\Microsoft\Windows Object
HKEY_CURRENT_USER\Software\Microsoft\Windows Server
Dimpy.Win32VBsy Backdoor
Details: Dimpy.Win32VBsy is a trojan that records certain keystrokes and steals other data from the infected machine.
Status: Deleted
Infected files detected
c:\windows\urls.dat
PrizeSurfer Adware (General)
Details: PrizeSurfer opens pop-up windows in Internet Explorer.
Status: Deleted
Infected files detected
c:\windows\system32\pr1ze5.dll
My Way Speedbar Potentially Unwanted Program
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Deleted
Infected files detected
c:\windows\system32\xcite.dll
c:\windows\system32\xcite.exe
Infected registry entries detected
C2.Lop Hijacker
Details: Lop is a group of spyware and hijacker programs that set your Internet Explorer start page and search features to use the site lop.com ('Live Online Portal') or one of its clone sites.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\KOJIC MILAN\Anwendungsdaten\iegluzd.lib
Hotbar Toolbar
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted
Infected files detected
Infected registry entries detected
INetBar Adware (General)
Details: INetBar installs in Internet Explorer using a known user exploit via an ActiveX drive-by-download.
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\KOJIC MILAN\Eigene Dateien\My eBooks\Neuer Ordner\inetbar15r5.exe
mIRC based Backdoor
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\KOJIC MISA\Desktop\Master-Script1.2\mirc.exe
C:\Dokumente und Einstellungen\KOJIC MISA\Desktop\Master-Script1.2\Addons\Bots\Floodbot\mirc.exe
C:\Dokumente und Einstellungen\KOJIC MISA\Desktop\Master-Script1.2\Addons\Bots\Idle-Bot\mirc.exe
C:\Program Files\mIRC\backup\mirc.exe
D:\Mischa\Müll\Master-Script1.2\Addons\Bots\Floodbot\mirc.exe
D:\Mischa\Müll\Master-Script1.2\Addons\Bots\Idle-Bot\mirc.exe
IRC.Backdoor.Trojan Backdoor
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\KOJIC MISA\Eigene Dateien\mirc\mirc.exe
MyNabyoo Surveillance (General)
Details: My Nabyoo is an Internet filter which effortlessly blocks and restricts porn, chat programs and all P2P software, secretly monitors PC activity, and more.
Status: Deleted
Infected files detected
C:\Programme\LOADSTREET\Systerac XP Tools\URLHIST.tlb
AntiLeech Plugin Adware (General)
Details: Plugin is adware which enables the broadcasting of advertisements and the execution of e-commerce and other Internet-related services on the user interface of the software.
Status: Deleted
Infected files detected
C:\Programme\Mozilla Firefox\plugins\al2np.dll
Infected registry entries detected
FirstLook Search Portal Adware (General)
Details: Ad-supported program that displays ads from Firstlook.com, a paid-placement search portal.
Status: Deleted
Infected files detected
C:\WINDOWS\NDNuninstall4_34.exe
ClearSearch Hijacker
Details: ClearSearch is an adware component that periodically contacts the search site, www.clrsch.com, for advertisement-tracking purposes.
Status: Deleted
Infected files detected
C:\WINDOWS\system\Update_RemoveOld.DLL
Infected registry entries detected
EGroup Sex Dialer Porn Dialer
Details: EGroup Sex Dialer is a program that changes your modem's dial-up settings and attempts to connect to a premium or international phone number to access adult material.
Status: Deleted
Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa11af}
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa11af}\InprocServer32 C:\WINDOWS\System32\EGHTMLDialer.dll
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa11af}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa11af}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{b843da96-2b2d-447e-90ab-b92929aa1