Name: Adware/Yontoo.A.13
Discovered on: 17/01/2012
Type: Adware
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low
VDF version: 7.11.21.72 - Tuesday, 17 January 2012
IVDF version: 7.11.21.72 - Tuesday, 17 January 2012

 General
Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

 Files
The following file is created:

%PROGRAM FILES%\Yontoo Layers\YontooIEClient.dll

 Registry
A Browser Helper Object (BHO) is registered by adding the following keys:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
   • @="Yontoo Layers"
   • "NoExplorer"=dword:00000001

[HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
   • @="Yontoo Layers"

[HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32]
   • @="C:\Programme\\Yontoo Layers\\YontooIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ProgID]
   • @="YontooIEClient.Layers.1"

[HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\TypeLib]
   • @="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

[HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
   VersionIndependentProgID]
   • @="YontooIEClient.Layers"

[HKCR\YontooIEClient.Layers.1]
   • @="Yontoo Layers"

[HKCR\YontooIEClient.Layers.1\CLSID]
   • @="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKCR\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}]
   • @="37af454d-7aee-4647-b526-55739782ced1"

[HKCR\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
   • @="YontooIEClient"

[HKCR\AppID\YontooIEClient.DLL]
   • "AppID"="{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"

[HKCR\YontooIEClient.Api]
   • @="Yontoo Layers Api"

[HKCR\YontooIEClient.Api\CLSID]
   • @="{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}"

[HKCR\YontooIEClient.Api\CurVer]
   • @="YontooIEClient.Api.1"

[HKCR\YontooIEClient.Api.1]
   • @="Yontoo Layers Api"

[HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
   • @="Yontoo Layers Api"

[HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32]
   • @="C:\Programme\\Yontoo Layers\\YontooIEClient.dll"
   • "ThreadingModel"="Apartment"

[HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\
   VersionIndependentProgID]
   • @="YontooIEClient.Api"

[HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID]
   • @="YontooIEClient.Api.1"

[HKCR\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\TypeLib]
   • @="{D372567D-67C1-4B29-B3F0-159B52B3E967}"

[HKCR\YontooIEClient.Layers]
   • @="Yontoo Layers"

[HKCR\YontooIEClient.Layers\CLSID]
   • @="{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"

[HKCR\YontooIEClient.Layers\CurVer]
   • @="YontooIEClient.Layers.1"

[HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0]
   • @="YontooIEClient 1.0 Type Library"

[HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0\win32]
   • @="C:\Programme\\Yontoo Layers\\YontooIEClient.dll"

[HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\FLAGS]
   • @="0"

[HKCR\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\HELPDIR]
   • @="C:\Programme\\Yontoo Layers"

[HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
   • @="IApi"

[HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\NumMethods]
   • @="16"

[HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid]
   • @="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\
   ProxyStubClsid32]
   • @="{10DE7085-6A1E-4D41-A7BF-9AF93E351401}"

[HKCR\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib]
   • @="{D372567D-67C1-4B29-B3F0-159B52B3E967}"
   • "Version"="1.0"

[HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
   • @="PSFactoryBuffer"

[HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32]
   • @="C:\Programme\\Yontoo Layers\\YontooIEClient.dll"
   • "ThreadingModel"="Both"

[HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
   • @="ILayers"

[HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\NumMethods]
   • @="7"

[HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid]
   • @="{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\
   ProxyStubClsid32]
   • @="{10DE7085-6A1E-4D41-A7BF-9AF93E351401}"

[HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib]
   • @="{D372567D-67C1-4B29-B3F0-159B52B3E967}"
   • "Version"="1.0"

[HKCR\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
   • @="b351d4c7-84f5-41a5-a6aa-f4837dd8ae49"



The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
   {889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
   • "UninstallString"="%ALLUSERSPROFILE%\\ANWEND~1\\TARMAI~1\\{889DF~1\\Setup.exe /remove /q0"
   • "QuietUninstallString"="%ALLUSERSPROFILE%\\ANWEND~1\\TARMAI~1\\{889DF~1\\Setup.exe /remove /q"
   • "ModifyPath"="%ALLUSERSPROFILE%\\ANWEND~1\\TARMAI~1\\{889DF~1\\Setup.exe /q0"
   • "Version"=dword:010a0001
   • "VersionMajor"=dword:00000001
   • "VersionMinor"=dword:0000000a
   • "EstimatedSize"=dword:000002c7
   • "Language"=dword:00000409
   • "TSAware"=dword:00000001
   • "TinFolder"="%ALLUSERSPROFILE%\\Anwendungsdaten\\Tarma Installer\\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"
   • "TinVersion"="5021"
   • "InstallDate"="20110906"
   • "InstallLocation"="C:\Program Files\\Yontoo Layers"
   • "InstallSource"="C:\xxx"
   • "DisplayIcon"="%ALLUSERSPROFILE%\\Anwendungsdaten\\Tarma Installer\\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\\Setup.ico"
   • "DisplayName"="Yontoo Layers 1.10.01"
   • "DisplayVersion"="1.10.01"
   • "Publisher"=""
   • "URLInfoAbout"=""
   • "Contact"="support@yontoo.com"

[HKLM\SOFTWARE\Google\Chrome\Extensions\
   niapdbllcanepiiimjjndipklodoedlc]
   • "path"="C:\Temp\\YontooLayers.crx"
   • "version"="1.0.0"

 Backdoor
Contacts servers:
All of the following:
   • www.yontoo.com
   • download.yontoo.com


Description created by Jan-Eric Herting on Friday, 17 February 2012
Description modified by Andrei Ivanes on Wednesday, 4 April 2012
