O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll |
||
---|---|---|
#0
| ||
03.06.2005, 18:41
...neu hier
Beiträge: 7 |
||
|
||
05.06.2005, 13:19
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo@BlueAngel200
einzelne "exe" ueberpruefen http://www.virustotal.com/flash/index_en.html • Jotti's malware scan 2.4 - einzelne "exe" ueberpruefen http://virusscan.jotti.org/de/ Oben auf der Seite auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten und danach das Ergebnis abkopieren und hier im Beitrag posten C:\WINDOWS\system32\igfxsrvc.dll C:\WINDOWS\system32\igfxtray.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\ps2.exe #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll PC neustarten arbeite das bitte punkt fuer Punkt ab und poste alles, http://virus-protect.org/L2mfix.html dnach mache eine Onlinescan mit PANDA + berichte (wenn dein ANRIVIRUS "meckert"--> nicht beachten http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
06.06.2005, 20:24
...neu hier
Themenstarter Beiträge: 7 |
#3
Hallo Sabina, vielen Dank fuer Deine Hilfe!!
Hier meine Ergebnise: den ersten punkt, ich weiss leider nicht welche exe-dateien gemeint sind- deswegen hab ich den noch nicht gemacht. 2. Punkt habe ich gemacht, ALLE files waren virenfrei. 3. alle files gefixed bis auf die 020, weil die ploetzlich nicht mehr in meinem Log auftaucht! 4. hier meine Ergebnise von L2mfix: L2MFIX find log 1.02b These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\gp6ml3j11.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{49690D94-04F2-5F83-E517-8901FE3E8941}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{A9373222-2934-4852-9BDB-1328E3E4ABAB}"="" "{C31B36DB-6332-440B-A12F-465CE6B06E6C}"="" "{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}"="" "{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"="" "{216DCBDA-A5D9-490F-8102-4FD10999AA57}"="" "{346F3D22-0C4D-41D2-AF17-87606258A222}"="" "{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}"="" "{061BFF0D-2618-4C6C-AA78-9064F55A6C73}"="" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail" "{785E39BF-3A7A-4E70-AD07-379E976F94DD}"="" "{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}"="" "{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}"="" "{2BD8E89F-A902-4BFA-A377-3933CD38A04A}"="" "{D52CC0C0-A183-448E-9F69-E2BC96502DE3}"="" "{359D04D9-FD1F-4606-981B-448CD85AB6CC}"="" "{0AF9B593-43D4-4398-A195-A976D8EC3833}"="" "{ED76051A-ADFC-463F-A632-4E350A1BD4EA}"="" "{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}"="" "{CE69A826-2E69-4514-85BF-D20601885770}"="" "{614478F8-69CD-4397-983D-EBC674E62C97}"="" "{53C464BF-3DB5-4241-8C94-346993301C5F}"="" "{46D84907-CF5A-4894-8B9F-BBDEEF160637}"="" "{7EFA76E4-36C5-4C19-8A1D-C373619F250E}"="" "{1567430D-35EA-4726-88AD-5011044B7995}"="" "{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}"="" "{75AF8F87-079B-46C8-A445-6F9FD3925005}"="" "{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}"="" "{2692FDEC-526F-4178-8617-E66CACB8E8C4}"="" "{7B52D779-9D0E-4720-9CF9-75DCB1E57449}"="" "{6DBD7268-B392-496D-AA31-CF94ED34F776}"="" "{C7B142D1-112D-4B60-BD18-13C78EF2845D}"="" "{5D04164D-A610-4CB8-8901-B0A0A0689D83}"="" "{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}"="" "{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}"="" "{91295406-F1FD-4429-9314-F77263D15660}"="" "{1A275532-22FB-4017-AE5A-50CD2B334153}"="" "{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}"="" "{DFAF3108-9061-4925-B134-942DB14FBF78}"="" "{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}"="" "{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}"="" "{DE79643E-3728-4222-A47F-CD8DB02BECBF}"="" "{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}"="" "{E4482033-AD35-485B-BC00-0ED125608C62}"="" "{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}"="" "{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}"="" "{7326B120-F4DE-4D13-ADAE-601F61147E10}"="" "{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}"="" "{F975381F-D94C-4B12-94F3-147EDFC39114}"="" "{50EEECD7-8567-4353-A00D-35C06B348043}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}] @="" "IDEx"="BM2" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\InprocServer32] @="C:\\WINDOWS\\system32\\mxdxmlc.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\InprocServer32] @="C:\\WINDOWS\\system32\\pKutoenr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\InprocServer32] @="C:\\WINDOWS\\system32\\wedconns.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\InprocServer32] @="C:\\WINDOWS\\system32\\wlsdmoe2.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\InprocServer32] @="C:\\WINDOWS\\system32\\wcadss.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\InprocServer32] @="C:\\WINDOWS\\system32\\skcurity.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\InprocServer32] @="C:\\WINDOWS\\system32\\mgdimap.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\InprocServer32] @="C:\\WINDOWS\\system32\\fosdrv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvidctl.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\InprocServer32] @="C:\\WINDOWS\\system32\\ssorage.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\InprocServer32] @="C:\\WINDOWS\\system32\\mK28lafu1d28.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\InprocServer32] @="C:\\WINDOWS\\system32\\mxsign32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\InprocServer32] @="C:\\WINDOWS\\system32\\mxxmlr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\InprocServer32] @="C:\\WINDOWS\\system32\\wid_ci.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\InprocServer32] @="C:\\WINDOWS\\system32\\shmpapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\InprocServer32] @="C:\\WINDOWS\\system32\\svrstr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\InprocServer32] @="C:\\WINDOWS\\system32\\skoolss.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\InprocServer32] @="C:\\WINDOWS\\system32\\tlpelib.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\InprocServer32] @="C:\\WINDOWS\\system32\\fDultrep.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\InprocServer32] @="C:\\WINDOWS\\system32\\dxprop.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\InprocServer32] @="C:\\WINDOWS\\system32\\ipakeng.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\InprocServer32] @="C:\\WINDOWS\\system32\\sjcfiles.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\InprocServer32] @="C:\\WINDOWS\\system32\\krdhept.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\InprocServer32] @="C:\\WINDOWS\\system32\\dkskmon.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\InprocServer32] @="C:\\WINDOWS\\system32\\mqrepl40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\InprocServer32] @="C:\\WINDOWS\\system32\\MEC71CHT.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\InprocServer32] @="C:\\WINDOWS\\system32\\mwltus40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\InprocServer32] @="C:\\WINDOWS\\system32\\myxml3a.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\InprocServer32] @="C:\\WINDOWS\\system32\\ciiconfg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\InprocServer32] @="C:\\WINDOWS\\system32\\fzst30.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\InprocServer32] @="C:\\WINDOWS\\system32\\rdcrt4.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\InprocServer32] @="C:\\WINDOWS\\system32\\miw3prt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\InprocServer32] @="C:\\WINDOWS\\system32\\sylwoa.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\InprocServer32] @="C:\\WINDOWS\\system32\\sobiop.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\InprocServer32] @="C:\\WINDOWS\\system32\\denmpntw.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\InprocServer32] @="C:\\WINDOWS\\system32\\pnwrprof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}] @="" [HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\InprocServer32] @="C:\\WINDOWS\\system32\\sssinv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}] @="" [HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\InprocServer32] @="C:\\WINDOWS\\system32\\hdj2051oe.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}] @="" [HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\InprocServer32] @="C:\\WINDOWS\\system32\\donput.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\InprocServer32] @="C:\\WINDOWS\\system32\\mjrepl40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\InprocServer32] @="C:\\WINDOWS\\system32\\epcapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}] @="" [HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\InprocServer32] @="C:\\WINDOWS\\system32\\cqrsrv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}] @="" [HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}] @="" [HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\InprocServer32] @="C:\\WINDOWS\\system32\\wwpencen.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}] @="" [HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\InprocServer32] @="C:\\WINDOWS\\system32\\mutlsapi.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Thu Mar 10 2005 3:02:34a A.... 1,016,832 993.00 K cdfview.dll Thu Mar 10 2005 3:02:34a A.... 151,040 147.50 K ciiconfg.dll Sun May 29 2005 11:14:36a ..S.R 232,896 227.44 K cqrsrv.dll Sat Jun 4 2005 10:35:08a ..S.R 233,949 228.46 K denmpntw.dll Wed Jun 1 2005 9:30:38a ..S.R 232,896 227.44 K dkskmon.dll Sat May 21 2005 9:29:26p ..S.R 234,695 229.19 K donput.dll Thu Jun 2 2005 11:30:24p ..S.R 232,896 227.44 K dxprop.dll Tue May 17 2005 12:01:42p ..S.R 235,218 229.70 K epcapi.dll Fri Jun 3 2005 9:14:16p ..S.R 232,896 227.44 K f4j2le~1.dll Fri May 27 2005 1:50:08a ..S.R 235,218 229.70 K fdultrep.dll Mon May 16 2005 10:22:36a ..S.R 234,695 229.19 K fosdrv.dll Sun May 8 2005 2:17:30p ..S.R 234,695 229.19 K fzst30.dll Fri May 27 2005 2:53:20p ..S.R 232,896 227.44 K gp06l3~1.dll Fri Jun 3 2005 7:35:22a ..S.R 232,896 227.44 K gp0ul3~1.dll Sat May 7 2005 11:07:08a ..S.R 235,115 229.60 K gp6ml3~1.dll Sun Jun 5 2005 11:44:02a ..S.R 233,949 228.46 K h40q0e~1.dll Mon Jun 6 2005 12:18:44p ..S.R 233,156 227.69 K hdj205~1.dll Fri Jun 3 2005 3:40:12p ..S.R 232,896 227.44 K hrj205~1.dll Sun Apr 10 2005 11:50:12a ..S.R 234,680 229.18 K hrj605~1.dll Fri May 27 2005 2:53:20p ..S.R 233,511 228.04 K iepeers.dll Thu Mar 10 2005 3:02:34a A.... 250,880 245.00 K inseng.dll Thu Mar 10 2005 3:02:34a A.... 96,256 94.00 K ipakeng.dll Wed May 18 2005 10:20:22a ..S.R 234,695 229.19 K jtl607~1.dll Tue Apr 5 2005 6:36:30p ..S.R 234,747 229.24 K krdhept.dll Fri May 20 2005 12:17:52p ..S.R 234,695 229.19 K ktlul7~1.dll Thu Apr 7 2005 11:15:36a ..S.R 233,248 227.78 K m028la~1.dll Sat Apr 9 2005 5:04:00p ..S.R 233,248 227.78 K mec71cht.dll Tue May 24 2005 10:58:02a ..S.R 235,218 229.70 K mgdimap.dll Mon May 2 2005 11:41:32a ..S.R 235,115 229.60 K miw3prt.dll Mon May 30 2005 11:35:12a ..S.R 232,896 227.44 K mjrepl40.dll Fri Jun 3 2005 5:19:22p ..S.R 233,949 228.46 K mjvidctl.dll Mon May 9 2005 11:10:18a ..S.R 234,695 229.19 K mk28la~1.dll Tue May 10 2005 2:21:16p ..S.R 234,695 229.19 K mqrepl40.dll Mon May 23 2005 12:20:12p ..S.R 234,695 229.19 K mshtml.dll Thu Mar 10 2005 3:02:34a A.... 3,010,560 2.87 M msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K msrating.dll Thu Mar 10 2005 3:02:34a A.... 146,432 143.00 K mutlsapi.dll Mon Jun 6 2005 12:20:36p ..S.R 233,949 228.46 K mv20l9~1.dll Tue Apr 12 2005 8:19:32a ..S.R 234,680 229.18 K mwltus40.dll Wed May 25 2005 10:11:18a ..S.R 234,996 229.49 K mxsign32.dll Wed May 11 2005 11:20:46a ..S.R 234,695 229.19 K mxxmlr.dll Thu May 12 2005 11:25:18a ..S.R 234,695 229.19 K myxml3a.dll Thu May 26 2005 8:43:08p ..S.R 235,218 229.70 K pnwrprof.dll Wed Jun 1 2005 10:04:04a ..S.R 232,896 227.44 K rdcrt4.dll Sat May 28 2005 11:42:48p ..S.R 232,896 227.44 K shdocvw.dll Thu Mar 10 2005 3:02:34a A.... 1,483,264 1.41 M shlwapi.dll Thu Mar 10 2005 3:02:34a A.... 473,600 462.50 K shmpapi.dll Sat May 14 2005 10:43:06a ..S.R 234,695 229.19 K sjcfiles.dll Thu May 19 2005 9:53:38a ..S.R 235,218 229.70 K skcurity.dll Mon Apr 25 2005 8:57:38p ..S.R 234,680 229.18 K skoolss.dll Sun May 15 2005 12:35:54p ..S.R 234,695 229.19 K sobiop.dll Tue May 31 2005 10:12:36p ..S.R 232,896 227.44 K spmsg.dll Wed May 4 2005 2:45:26p ..... 13,536 13.22 K ssorage.dll Tue May 10 2005 9:36:38a ..S.R 234,695 229.19 K sssinv.dll Thu Jun 2 2005 1:35:12p ..S.R 232,896 227.44 K svrstr.dll Sat May 14 2005 10:26:06p ..S.R 234,695 229.19 K sylwoa.dll Tue May 31 2005 8:30:10a ..S.R 232,896 227.44 K tlpelib.dll Sun May 15 2005 3:09:56p ..S.R 235,218 229.70 K urlmon.dll Thu Mar 10 2005 3:02:36a A.... 607,744 593.50 K wcadss.dll Wed Apr 20 2005 10:07:54p ..S.R 234,680 229.18 K wedconns.dll Sat Apr 9 2005 4:31:56p ..S.R 233,248 227.78 K wid_ci.dll Fri May 13 2005 10:33:12a ..S.R 234,695 229.19 K wininet.dll Thu Mar 10 2005 3:02:36a A.... 656,896 641.50 K wlsdmoe2.dll Fri Apr 15 2005 3:48:24p ..S.R 234,680 229.18 K wwpencen.dll Sat Jun 4 2005 11:06:28p ..S.R 234,804 229.30 K 68 items found: 68 files (53 H/S), 0 directories. Total of file sizes: 24,378,501 bytes 23.25 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in drive C is HP_PAVILION Volume Seri*hier nicht!* Number is 28FB-76ED Directory of C:\WINDOWS\System32 06/06/2005 12:20 PM 233,949 mutlsapi.dll 06/06/2005 12:18 PM 233,156 h40q0ed5eh0.dll 06/05/2005 11:44 AM 233,949 gp6ml3j11.dll 06/04/2005 11:06 PM 234,804 wwpencen.dll 06/04/2005 10:35 AM 233,949 cqrsrv.dll 06/03/2005 09:14 PM 232,896 epcapi.dll 06/03/2005 05:19 PM 233,949 mjrepl40.dll 06/03/2005 03:40 PM 232,896 hdj2051oe.dll 06/03/2005 07:35 AM 232,896 gp06l3ds1.dll 06/02/2005 11:30 PM 232,896 donput.dll 06/02/2005 01:35 PM 232,896 sssinv.dll 06/01/2005 10:04 AM 232,896 pnwrprof.dll 06/01/2005 09:30 AM 232,896 denmpntw.dll 05/31/2005 10:12 PM 232,896 sobiop.dll 05/31/2005 08:30 AM 232,896 sylwoa.dll 05/30/2005 11:35 AM 232,896 miw3prt.dll 05/29/2005 11:14 AM 232,896 ciiconfg.dll 05/28/2005 11:42 PM 232,896 rdcrt4.dll 05/27/2005 02:53 PM 232,896 fzst30.dll 05/27/2005 02:53 PM 233,511 hrj6051se.dll 05/27/2005 01:50 AM 235,218 f4j2le1o1h.dll 05/26/2005 08:43 PM 235,218 myxml3a.dll 05/25/2005 10:11 AM 234,996 mwltus40.dll 05/24/2005 10:58 AM 235,218 MEC71CHT.DLL 05/23/2005 12:20 PM 234,695 mqrepl40.dll 05/21/2005 09:29 PM 234,695 dkskmon.dll 05/20/2005 12:17 PM 234,695 krdhept.dll 05/19/2005 09:53 AM 235,218 sjcfiles.dll 05/19/2005 12:16 AM <DIR> dllcache 05/18/2005 10:20 AM 234,695 ipakeng.dll 05/17/2005 12:01 PM 235,218 dxprop.dll 05/16/2005 10:22 AM 234,695 fDultrep.dll 05/15/2005 03:09 PM 235,218 tlpelib.dll 05/15/2005 12:35 PM 234,695 skoolss.dll 05/14/2005 10:26 PM 234,695 svrstr.dll 05/14/2005 10:43 AM 234,695 shmpapi.dll 05/13/2005 10:33 AM 234,695 wid_ci.dll 05/12/2005 11:25 AM 234,695 mxxmlr.dll 05/11/2005 11:20 AM 234,695 mxsign32.dll 05/10/2005 02:21 PM 234,695 mK28lafu1d28.dll 05/10/2005 09:36 AM 234,695 ssorage.dll 05/09/2005 11:10 AM 234,695 mjvidctl.dll 05/08/2005 02:17 PM 234,695 fosdrv.dll 05/07/2005 11:07 AM 235,115 gp0ul3d91.dll 05/02/2005 11:41 AM 235,115 mgdimap.dll 04/25/2005 08:57 PM 234,680 skcurity.dll 04/20/2005 10:07 PM 234,680 wcadss.dll 04/15/2005 03:48 PM 234,680 wlsdmoe2.dll 04/12/2005 08:19 AM 234,680 mv20l9fm1.dll 04/10/2005 11:50 AM 234,680 hrj2051oe.dll 04/09/2005 05:03 PM 233,248 m028lafu1d28.dll 04/09/2005 04:31 PM 233,248 wedconns.dll 04/07/2005 11:15 AM 233,248 ktlul7391.dll 04/05/2005 06:36 PM 234,747 jtl6073se.dll 01/18/2005 05:00 PM 56 245ED74026.sys 01/18/2005 05:00 PM 1,682 KGyGaAvL.sys 08/11/2004 08:15 PM <DIR> Microsoft 55 File(s) 12,411,503 bytes 2 Dir(s) 9,315,418,112 bytes free ______________________________________________________________________ RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Denying C access for really "Everyone" - adding new ACCESS DENY entry Registry Permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- Everyone (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting up for Reboot Starting Reboot! C:\Documents and Settings\Angela\Desktop\l2mfix System Rebooted! Running From: C:\Documents and Settings\Angela\Desktop\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1776 'explorer.exe' Killing PID 1776 'explorer.exe' Killing PID 1776 'explorer.exe' Killing PID 1776 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1556 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Zipping up files for submission: adding: clear.reg (140 bytes security) (deflated 72%) adding: echo.reg (140 bytes security) (deflated 9%) adding: direct.txt (140 bytes security) (stored 0%) adding: lo2.txt (140 bytes security) (deflated 74%) adding: readme.txt (140 bytes security) (deflated 49%) adding: report.txt (140 bytes security) (deflated 78%) adding: test.txt (140 bytes security) (deflated 84%) adding: test2.txt (140 bytes security) (deflated 50%) adding: test3.txt (140 bytes security) (deflated 50%) adding: test5.txt (140 bytes security) (deflated 50%) adding: backregs/005A89C2-AE24-4C65-91E4-1A30DA75F9A3.reg (140 bytes security) (deflated 70%) adding: backregs/00F60C95-0B4A-4ADC-AF26-5260366EB6B3.reg (140 bytes security) (deflated 70%) adding: backregs/061BFF0D-2618-4C6C-AA78-9064F55A6C73.reg (140 bytes security) (deflated 70%) adding: backregs/0AF9B593-43D4-4398-A195-A976D8EC3833.reg (140 bytes security) (deflated 70%) adding: backregs/1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA.reg (140 bytes security) (deflated 70%) adding: backregs/1567430D-35EA-4726-88AD-5011044B7995.reg (140 bytes security) (deflated 70%) adding: backregs/1A275532-22FB-4017-AE5A-50CD2B334153.reg (140 bytes security) (deflated 70%) adding: backregs/216DCBDA-A5D9-490F-8102-4FD10999AA57.reg (140 bytes security) (deflated 70%) adding: backregs/2692FDEC-526F-4178-8617-E66CACB8E8C4.reg (140 bytes security) (deflated 70%) adding: backregs/2BD8E89F-A902-4BFA-A377-3933CD38A04A.reg (140 bytes security) (deflated 70%) adding: backregs/2F116526-4361-476E-A6F5-B0DC5ED31D5C.reg (140 bytes security) (deflated 70%) adding: backregs/346F3D22-0C4D-41D2-AF17-87606258A222.reg (140 bytes security) (deflated 70%) adding: backregs/359D04D9-FD1F-4606-981B-448CD85AB6CC.reg (140 bytes security) (deflated 70%) adding: backregs/46D84907-CF5A-4894-8B9F-BBDEEF160637.reg (140 bytes security) (deflated 70%) adding: backregs/50EEECD7-8567-4353-A00D-35C06B348043.reg (140 bytes security) (deflated 70%) adding: backregs/53C464BF-3DB5-4241-8C94-346993301C5F.reg (140 bytes security) (deflated 70%) adding: backregs/54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF.reg (140 bytes security) (deflated 70%) adding: backregs/5A29374A-F94A-485C-B0F9-E365D8E1E8CA.reg (140 bytes security) (deflated 70%) adding: backregs/5D04164D-A610-4CB8-8901-B0A0A0689D83.reg (140 bytes security) (deflated 70%) adding: backregs/614478F8-69CD-4397-983D-EBC674E62C97.reg (140 bytes security) (deflated 70%) adding: backregs/628BB7CA-5CFB-4F46-AE81-DA6BD9455D00.reg (140 bytes security) (deflated 70%) adding: backregs/643C23A8-0B62-4FB9-BDFE-8FAE438687A5.reg (140 bytes security) (deflated 70%) adding: backregs/6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F.reg (140 bytes security) (deflated 70%) adding: backregs/6C177A40-4CBC-449A-AEF6-CC8D07F6AA1B.reg (140 bytes security) (deflated 70%) adding: backregs/6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E.reg (140 bytes security) (deflated 70%) adding: backregs/6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD.reg (140 bytes security) (deflated 70%) adding: backregs/6DBD7268-B392-496D-AA31-CF94ED34F776.reg (140 bytes security) (deflated 70%) adding: backregs/7326B120-F4DE-4D13-ADAE-601F61147E10.reg (140 bytes security) (deflated 70%) adding: backregs/75AF8F87-079B-46C8-A445-6F9FD3925005.reg (140 bytes security) (deflated 70%) adding: backregs/785E39BF-3A7A-4E70-AD07-379E976F94DD.reg (140 bytes security) (deflated 70%) adding: backregs/7B52D779-9D0E-4720-9CF9-75DCB1E57449.reg (140 bytes security) (deflated 70%) adding: backregs/7EFA76E4-36C5-4C19-8A1D-C373619F250E.reg (140 bytes security) (deflated 70%) adding: backregs/80133EDF-AF85-4F1C-9E26-F1F8333E74BD.reg (140 bytes security) (deflated 70%) adding: backregs/91295406-F1FD-4429-9314-F77263D15660.reg (140 bytes security) (deflated 70%) adding: backregs/A9373222-2934-4852-9BDB-1328E3E4ABAB.reg (140 bytes security) (deflated 69%) adding: backregs/AC9FCC1E-6B2C-4868-AC54-C9845C123C23.reg (140 bytes security) (deflated 70%) adding: backregs/B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80.reg (140 bytes security) (deflated 70%) adding: backregs/C31B36DB-6332-440B-A12F-465CE6B06E6C.reg (140 bytes security) (deflated 70%) adding: backregs/C7B142D1-112D-4B60-BD18-13C78EF2845D.reg (140 bytes security) (deflated 70%) adding: backregs/CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4.reg (140 bytes security) (deflated 70%) adding: backregs/CE69A826-2E69-4514-85BF-D20601885770.reg (140 bytes security) (deflated 70%) adding: backregs/CF1DCB70-2191-4660-BB70-D8154FF3E2EE.reg (140 bytes security) (deflated 70%) adding: backregs/D52CC0C0-A183-448E-9F69-E2BC96502DE3.reg (140 bytes security) (deflated 70%) adding: backregs/DE79643E-3728-4222-A47F-CD8DB02BECBF.reg (140 bytes security) (deflated 70%) adding: backregs/DFAF3108-9061-4925-B134-942DB14FBF78.reg (140 bytes security) (deflated 70%) adding: backregs/E4482033-AD35-485B-BC00-0ED125608C62.reg (140 bytes security) (deflated 70%) adding: backregs/ED76051A-ADFC-463F-A632-4E350A1BD4EA.reg (140 bytes security) (deflated 70%) adding: backregs/F975381F-D94C-4B12-94F3-147EDFC39114.reg (140 bytes security) (deflated 70%) adding: backregs/FFBC018A-3FBC-4C76-BA39-857AC8A3D127.reg (140 bytes security) (deflated 70%) adding: backregs/shell.reg (140 bytes security) (deflated 72%) Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for really "Everyone" Warning (option /rge) - There is no ACE to remove! Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\h40q0ed5eh0.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{A9373222-2934-4852-9BDB-1328E3E4ABAB}"=- "{C31B36DB-6332-440B-A12F-465CE6B06E6C}"=- "{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}"=- "{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"=- "{216DCBDA-A5D |
|
|
||
07.06.2005, 00:09
Ehrenmitglied
Beiträge: 29434 |
#4
{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"=-
"{216DCBDA-A5D9-490F-8102-4FD10999AA57}"=- "{346F3D22-0C4D-41D2-AF17-87606258A222}"=- "{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}"=- "{061BFF0D-2618-4C6C-AA78-9064F55A6C73}"=- "{785E39BF-3A7A-4E70-AD07-379E976F94DD}"=- "{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}"=- "{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}"=- "{2BD8E89F-A902-4BFA-A377-3933CD38A04A}"=- "{D52CC0C0-A183-448E-9F69-E2BC96502DE3}"=- "{359D04D9-FD1F-4606-981B-448CD85AB6CC}"=- "{0AF9B593-43D4-4398-A195-A976D8EC3833}"=- "{ED76051A-ADFC-463F-A632-4E350A1BD4EA}"=- "{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}"=- "{CE69A826-2E69-4514-85BF-D20601885770}"=- "{614478F8-69CD-4397-983D-EBC674E62C97}"=- "{53C464BF-3DB5-4241-8C94-346993301C5F}"=- "{46D84907-CF5A-4894-8B9F-BBDEEF160637}"=- "{7EFA76E4-36C5-4C19-8A1D-C373619F250E}"=- "{1567430D-35EA-4726-88AD-5011044B7995}"=- "{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}"=- "{75AF8F87-079B-46C8-A445-6F9FD3925005}"=- "{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}"=- "{2692FDEC-526F-4178-8617-E66CACB8E8C4}"=- "{7B52D779-9D0E-4720-9CF9-75DCB1E57449}"=- "{6DBD7268-B392-496D-AA31-CF94ED34F776}"=- "{C7B142D1-112D-4B60-BD18-13C78EF2845D}"=- "{5D04164D-A610-4CB8-8901-B0A0A0689D83}"=- "{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}"=- "{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}"=- "{91295406-F1FD-4429-9314-F77263D15660}"=- "{1A275532-22FB-4017-AE5A-50CD2B334153}"=- "{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}"=- "{DFAF3108-9061-4925-B134-942DB14FBF78}"=- "{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}"=- "{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}"=- "{DE79643E-3728-4222-A47F-CD8DB02BECBF}"=- "{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}"=- "{E4482033-AD35-485B-BC00-0ED125608C62}"=- "{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}"=- "{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}"=- "{7326B120-F4DE-4D13-ADAE-601F61147E10}"=- "{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}"=- "{F975381F-D94C-4B12-94F3-147EDFC39114}"=- "{50EEECD7-8567-4353-A00D-35C06B348043}"=- "{6C177A40-4CBC-449A-AEF6-CC8D07F6AA1B}"=- [-HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}] [-HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}] [-HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}] [-HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}] [-HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}] [-HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}] [-HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}] [-HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}] [-HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}] [-HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}] [-HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}] [-HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}] [-HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}] [-HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}] [-HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}] [-HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}] [-HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}] [-HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}] [-HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}] [-HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}] [-HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}] [-HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}] [-HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}] [-HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}] [-HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}] [-HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}] [-HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}] [-HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}] [-HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}] [-HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}] [-HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}] [-HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}] [-HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}] [-HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}] [-HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}] [-HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}] [-HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}] [-HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}] [-HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}] [-HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}] [-HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}] [-HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}] [-HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}] [-HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}] [-HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}] [-HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}] [-HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}] [-HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}] [-HKEY_CLASSES_ROOT\CLSID\{6C177A40-4CBC-449A-AEF6-CC8D07F6AA1B}] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Panda laeuft noch, hat aber schon 10 files gefunden. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.06.2005, 01:39
Ehrenmitglied
Beiträge: 29434 |
#5
Hallo@BlueAngel200
CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html •KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip Anleitung: (bebildert) http://virus-protect.org/killbox.html reinkopieren : (ich hoffe, der pfad ist korrekt) C:\MyFunCardsFWBInitialSetup1.0.0.8[1].cab •Delete File on Reboot <--anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "yes" PC neustarten Bitte das ganze noch einmal,(L2MFIX) aber dann bitte alles posten,der PC ist /war voellig verseucht und ich muss sehen, ob das Tool loescht oder du manuell loeschen musst...also bitte alles noch einmal __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
07.06.2005, 20:23
...neu hier
Themenstarter Beiträge: 7 |
#6
oki, habe alles gemacht was du gesagt hast. Allerdings ging gestern gar nichts mehr. Habe mit einem Programm versucht viren zu loeschen und nach dem reboot hat er mir zuerst den "Acsess denied" zu meinem Account und als es dann doch ging oeffnete sich IE am laufenden Band von selber mit wirren Seiten. Wir haben ein System recovery gemacht zum stand von anfang des Monats und von da aus hab ich nun alle deine Anweisungen befolgt. Also hier die Reports.
L2MFIX find log 1.02b These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\kt28l7fu1.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{49690D94-04F2-5F83-E517-8901FE3E8941}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{A9373222-2934-4852-9BDB-1328E3E4ABAB}"="" "{C31B36DB-6332-440B-A12F-465CE6B06E6C}"="" "{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}"="" "{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"="" "{216DCBDA-A5D9-490F-8102-4FD10999AA57}"="" "{346F3D22-0C4D-41D2-AF17-87606258A222}"="" "{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}"="" "{061BFF0D-2618-4C6C-AA78-9064F55A6C73}"="" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail" "{785E39BF-3A7A-4E70-AD07-379E976F94DD}"="" "{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}"="" "{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}"="" "{2BD8E89F-A902-4BFA-A377-3933CD38A04A}"="" "{D52CC0C0-A183-448E-9F69-E2BC96502DE3}"="" "{359D04D9-FD1F-4606-981B-448CD85AB6CC}"="" "{0AF9B593-43D4-4398-A195-A976D8EC3833}"="" "{ED76051A-ADFC-463F-A632-4E350A1BD4EA}"="" "{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}"="" "{CE69A826-2E69-4514-85BF-D20601885770}"="" "{614478F8-69CD-4397-983D-EBC674E62C97}"="" "{53C464BF-3DB5-4241-8C94-346993301C5F}"="" "{46D84907-CF5A-4894-8B9F-BBDEEF160637}"="" "{7EFA76E4-36C5-4C19-8A1D-C373619F250E}"="" "{1567430D-35EA-4726-88AD-5011044B7995}"="" "{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}"="" "{75AF8F87-079B-46C8-A445-6F9FD3925005}"="" "{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}"="" "{2692FDEC-526F-4178-8617-E66CACB8E8C4}"="" "{7B52D779-9D0E-4720-9CF9-75DCB1E57449}"="" "{6DBD7268-B392-496D-AA31-CF94ED34F776}"="" "{C7B142D1-112D-4B60-BD18-13C78EF2845D}"="" "{5D04164D-A610-4CB8-8901-B0A0A0689D83}"="" "{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}"="" "{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}"="" "{91295406-F1FD-4429-9314-F77263D15660}"="" "{1A275532-22FB-4017-AE5A-50CD2B334153}"="" "{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}"="" "{DFAF3108-9061-4925-B134-942DB14FBF78}"="" "{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}"="" "{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}"="" "{B3F17340-9166-4272-B946-F91DE63A782E}"="" "{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}"="" "{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}] @="" "IDEx"="BM2" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\InprocServer32] @="C:\\WINDOWS\\system32\\mxdxmlc.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\InprocServer32] @="C:\\WINDOWS\\system32\\pKutoenr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\InprocServer32] @="C:\\WINDOWS\\system32\\wedconns.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\InprocServer32] @="C:\\WINDOWS\\system32\\wlsdmoe2.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\InprocServer32] @="C:\\WINDOWS\\system32\\wcadss.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\InprocServer32] @="C:\\WINDOWS\\system32\\skcurity.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\InprocServer32] @="C:\\WINDOWS\\system32\\mgdimap.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\InprocServer32] @="C:\\WINDOWS\\system32\\fosdrv.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\InprocServer32] @="C:\\WINDOWS\\system32\\mjvidctl.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\InprocServer32] @="C:\\WINDOWS\\system32\\ssorage.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\InprocServer32] @="C:\\WINDOWS\\system32\\mK28lafu1d28.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\InprocServer32] @="C:\\WINDOWS\\system32\\mxsign32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\InprocServer32] @="C:\\WINDOWS\\system32\\mxxmlr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\InprocServer32] @="C:\\WINDOWS\\system32\\wid_ci.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\InprocServer32] @="C:\\WINDOWS\\system32\\shmpapi.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\InprocServer32] @="C:\\WINDOWS\\system32\\svrstr.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\InprocServer32] @="C:\\WINDOWS\\system32\\skoolss.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\InprocServer32] @="C:\\WINDOWS\\system32\\tlpelib.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\InprocServer32] @="C:\\WINDOWS\\system32\\fDultrep.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\InprocServer32] @="C:\\WINDOWS\\system32\\dxprop.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\InprocServer32] @="C:\\WINDOWS\\system32\\ipakeng.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\InprocServer32] @="C:\\WINDOWS\\system32\\sjcfiles.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\InprocServer32] @="C:\\WINDOWS\\system32\\krdhept.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\InprocServer32] @="C:\\WINDOWS\\system32\\dkskmon.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\InprocServer32] @="C:\\WINDOWS\\system32\\mqrepl40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\InprocServer32] @="C:\\WINDOWS\\system32\\MEC71CHT.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\InprocServer32] @="C:\\WINDOWS\\system32\\mwltus40.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\InprocServer32] @="C:\\WINDOWS\\system32\\myxml3a.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\InprocServer32] @="C:\\WINDOWS\\system32\\ciiconfg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\InprocServer32] @="C:\\WINDOWS\\system32\\fzst30.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\InprocServer32] @="C:\\WINDOWS\\system32\\rdcrt4.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\InprocServer32] @="C:\\WINDOWS\\system32\\miw3prt.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\InprocServer32] @="C:\\WINDOWS\\system32\\sylwoa.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\InprocServer32] @="C:\\WINDOWS\\system32\\sobiop.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\InprocServer32] @="C:\\WINDOWS\\system32\\denmpntw.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\InprocServer32] @="C:\\WINDOWS\\system32\\pnwrprof.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}] @="" [HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\InprocServer32] @="C:\\WINDOWS\\system32\\izfxres.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}] @="" [HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\InprocServer32] @="C:\\WINDOWS\\system32\\ikfxres.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\InprocServer32] @="C:\\WINDOWS\\system32\\aului.dll" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ aului.dll Tue Jun 7 2005 12:25:46p ..S.R 232,896 227.44 K browseui.dll Thu Mar 10 2005 3:02:34a A.... 1,016,832 993.00 K cdfview.dll Thu Mar 10 2005 3:02:34a A.... 151,040 147.50 K ciiconfg.dll Sun May 29 2005 11:14:36a ..S.R 232,896 227.44 K denmpntw.dll Wed Jun 1 2005 9:30:38a ..S.R 232,896 227.44 K dkskmon.dll Sat May 21 2005 9:29:26p ..S.R 234,695 229.19 K dxprop.dll Tue May 17 2005 12:01:42p ..S.R 235,218 229.70 K f4j2le~1.dll Fri May 27 2005 1:50:08a ..S.R 235,218 229.70 K fdultrep.dll Mon May 16 2005 10:22:36a ..S.R 234,695 229.19 K fosdrv.dll Sun May 8 2005 2:17:30p ..S.R 234,695 229.19 K fzst30.dll Fri May 27 2005 2:53:20p ..S.R 232,896 227.44 K gp0ul3~1.dll Sat May 7 2005 11:07:08a ..S.R 235,115 229.60 K hrj205~1.dll Sun Apr 10 2005 11:50:12a ..S.R 234,680 229.18 K hrj605~1.dll Fri May 27 2005 2:53:20p ..S.R 233,511 228.04 K iepeers.dll Thu Mar 10 2005 3:02:34a A.... 250,880 245.00 K ikfxres.dll Tue Jun 7 2005 11:25:44a ..S.R 234,272 228.78 K inseng.dll Thu Mar 10 2005 3:02:34a A.... 96,256 94.00 K ipakeng.dll Wed May 18 2005 10:20:22a ..S.R 234,695 229.19 K izfxres.dll Mon Jun 6 2005 10:03:46p ..S.R 232,896 227.44 K jtl607~1.dll Tue Apr 5 2005 6:36:30p ..S.R 234,747 229.24 K krdhept.dll Fri May 20 2005 12:17:52p ..S.R 234,695 229.19 K kt28l7~1.dll Mon Jun 6 2005 10:45:46p ..S.R 232,896 227.44 K ktlul7~1.dll Thu Apr 7 2005 11:15:36a ..S.R 233,248 227.78 K l0l6la~1.dll Tue Jun 7 2005 12:23:50p ..S.R 234,272 228.78 K lt0027~1.dll Wed Jun 1 2005 9:37:40a ..S.R 232,896 227.44 K m028la~1.dll Sat Apr 9 2005 5:04:00p ..S.R 233,248 227.78 K mec71cht.dll Tue May 24 2005 10:58:02a ..S.R 235,218 229.70 K mfimg32.dll Mon Jun 6 2005 9:17:34p ..... 234,272 228.78 K mgdimap.dll Mon May 2 2005 11:41:32a ..S.R 235,115 229.60 K miw3prt.dll Mon May 30 2005 11:35:12a ..S.R 232,896 227.44 K mjvidctl.dll Mon May 9 2005 11:10:18a ..S.R 234,695 229.19 K mk28la~1.dll Tue May 10 2005 2:21:16p ..S.R 234,695 229.19 K mqrepl40.dll Mon May 23 2005 12:20:12p ..S.R 234,695 229.19 K mshtml.dll Thu Mar 10 2005 3:02:34a A.... 3,010,560 2.87 M msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K msrating.dll Thu Mar 10 2005 3:02:34a A.... 146,432 143.00 K mv20l9~1.dll Tue Apr 12 2005 8:19:32a ..S.R 234,680 229.18 K mwltus40.dll Wed May 25 2005 10:11:18a ..S.R 234,996 229.49 K mxsign32.dll Wed May 11 2005 11:20:46a ..S.R 234,695 229.19 K mxxmlr.dll Thu May 12 2005 11:25:18a ..S.R 234,695 229.19 K myxml3a.dll Thu May 26 2005 8:43:08p ..S.R 235,218 229.70 K pnwrprof.dll Wed Jun 1 2005 10:04:04a ..S.R 232,896 227.44 K rdcrt4.dll Sat May 28 2005 11:42:48p ..S.R 232,896 227.44 K shdocvw.dll Thu Mar 10 2005 3:02:34a A.... 1,483,264 1.41 M shlwapi.dll Thu Mar 10 2005 3:02:34a A.... 473,600 462.50 K shmpapi.dll Sat May 14 2005 10:43:06a ..S.R 234,695 229.19 K sjcfiles.dll Thu May 19 2005 9:53:38a ..S.R 235,218 229.70 K skcurity.dll Mon Apr 25 2005 8:57:38p ..S.R 234,680 229.18 K skoolss.dll Sun May 15 2005 12:35:54p ..S.R 234,695 229.19 K sobiop.dll Tue May 31 2005 10:12:36p ..S.R 232,896 227.44 K spmsg.dll Wed May 4 2005 2:45:26p ..... 13,536 13.22 K ssorage.dll Tue May 10 2005 9:36:38a ..S.R 234,695 229.19 K svrstr.dll Sat May 14 2005 10:26:06p ..S.R 234,695 229.19 K sylwoa.dll Tue May 31 2005 8:30:10a ..S.R 232,896 227.44 K tlpelib.dll Sun May 15 2005 3:09:56p ..S.R 235,218 229.70 K urlmon.dll Thu Mar 10 2005 3:02:36a A.... 607,744 593.50 K wcadss.dll Wed Apr 20 2005 10:07:54p ..S.R 234,680 229.18 K wedconns.dll Sat Apr 9 2005 4:31:56p ..S.R 233,248 227.78 K wid_ci.dll Fri May 13 2005 10:33:12a ..S.R 234,695 229.19 K wininet.dll Thu Mar 10 2005 3:02:36a A.... 656,896 641.50 K wlsdmoe2.dll Fri Apr 15 2005 3:48:24p ..S.R 234,680 229.18 K 64 items found: 64 files (48 H/S), 0 directories. Total of file sizes: 23,444,665 bytes 22.36 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in drive C is HP_PAVILION Volume Seri*hier nicht!* Number is 28FB-76ED Directory of C:\WINDOWS\System32 06/07/2005 12:25 PM 232,896 aului.dll 06/07/2005 12:23 PM 234,272 l0l6la3s1d.dll 06/07/2005 11:25 AM 234,272 ikfxres.dll 06/06/2005 10:45 PM 232,896 kt28l7fu1.dll 06/06/2005 10:03 PM 232,896 izfxres.dll 06/01/2005 10:04 AM 232,896 pnwrprof.dll 06/01/2005 09:37 AM 232,896 lt0027dmg.dll 06/01/2005 09:30 AM 232,896 denmpntw.dll 05/31/2005 10:12 PM 232,896 sobiop.dll 05/31/2005 08:30 AM 232,896 sylwoa.dll 05/30/2005 11:35 AM 232,896 miw3prt.dll 05/29/2005 11:14 AM 232,896 ciiconfg.dll 05/28/2005 11:42 PM 232,896 rdcrt4.dll 05/27/2005 02:53 PM 232,896 fzst30.dll 05/27/2005 02:53 PM 233,511 hrj6051se.dll 05/27/2005 01:50 AM 235,218 f4j2le1o1h.dll 05/26/2005 08:43 PM 235,218 myxml3a.dll 05/25/2005 10:11 AM 234,996 mwltus40.dll 05/24/2005 10:58 AM 235,218 MEC71CHT.DLL 05/23/2005 12:20 PM 234,695 mqrepl40.dll 05/21/2005 09:29 PM 234,695 dkskmon.dll 05/20/2005 12:17 PM 234,695 krdhept.dll 05/19/2005 09:53 AM 235,218 sjcfiles.dll 05/19/2005 12:16 AM <DIR> dllcache 05/18/2005 10:20 AM 234,695 ipakeng.dll 05/17/2005 12:01 PM 235,218 dxprop.dll 05/16/2005 10:22 AM 234,695 fDultrep.dll 05/15/2005 03:09 PM 235,218 tlpelib.dll 05/15/2005 12:35 PM 234,695 skoolss.dll 05/14/2005 10:26 PM 234,695 svrstr.dll 05/14/2005 10:43 AM 234,695 shmpapi.dll 05/13/2005 10:33 AM 234,695 wid_ci.dll 05/12/2005 11:25 AM 234,695 mxxmlr.dll 05/11/2005 11:20 AM 234,695 mxsign32.dll 05/10/2005 02:21 PM 234,695 mK28lafu1d28.dll 05/10/2005 09:36 AM 234,695 ssorage.dll 05/09/2005 11:10 AM 234,695 mjvidctl.dll 05/08/2005 02:17 PM 234,695 fosdrv.dll 05/07/2005 11:07 AM 235,115 gp0ul3d91.dll 05/02/2005 11:41 AM 235,115 mgdimap.dll 04/25/2005 08:57 PM 234,680 skcurity.dll 04/20/2005 10:07 PM 234,680 wcadss.dll 04/15/2005 03:48 PM 234,680 wlsdmoe2.dll 04/12/2005 08:19 AM 234,680 mv20l9fm1.dll 04/10/2005 11:50 AM 234,680 hrj2051oe.dll 04/09/2005 05:03 PM 233,248 m028lafu1d28.dll 04/09/2005 04:31 PM 233,248 wedconns.dll 04/07/2005 11:15 AM 233,248 ktlul7391.dll 04/05/2005 06:36 PM 234,747 jtl6073se.dll 01/18/2005 05:00 PM 56 245ED74026.sys 01/18/2005 05:00 PM 1,682 KGyGaAvL.sys 08/11/2004 08:15 PM <DIR> Microsoft 50 File(s) 11,243,395 bytes 2 Dir(s) 10,565,603,328 bytes free Und hier der 2.Report L2Mfix 1.02b Running From: C:\DOCUME~1\Angela\Desktop\l2mfix RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Denying C access for really "Everyone" - adding new ACCESS DENY entry Registry Permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- Everyone (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Setting up for Reboot Starting Reboot! C:\Documents and Settings\Angela\Desktop\l2mfix System Rebooted! Running From: C:\Documents and Settings\Angela\Desktop\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Killing PID 896 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 320 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Zipping up files for submission: adding: clear.reg (140 bytes security) (deflated 72%) adding: echo.reg (140 bytes security) (deflated 9%) adding: direct.txt (140 bytes security) (stored 0%) adding: lo2.txt (140 bytes security) (deflated 74%) adding: readme.txt (140 bytes security) (deflated 49%) adding: report.txt (140 bytes security) (deflated 78%) adding: test.txt (140 bytes security) (deflated 83%) adding: test2.txt (140 bytes security) (deflated 50%) adding: test3.txt (140 bytes security) (deflated 50%) adding: test5.txt (140 bytes security) (deflated 50%) adding: backregs/005A89C2-AE24-4C65-91E4-1A30DA75F9A3.reg (140 bytes security) (deflated 70%) adding: backregs/00F60C95-0B4A-4ADC-AF26-5260366EB6B3.reg (140 bytes security) (deflated 70%) adding: backregs/061BFF0D-2618-4C6C-AA78-9064F55A6C73.reg (140 bytes security) (deflated 70%) adding: backregs/0AF9B593-43D4-4398-A195-A976D8EC3833.reg (140 bytes security) (deflated 70%) adding: backregs/1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA.reg (140 bytes security) (deflated 70%) adding: backregs/1567430D-35EA-4726-88AD-5011044B7995.reg (140 bytes security) (deflated 70%) adding: backregs/1A275532-22FB-4017-AE5A-50CD2B334153.reg (140 bytes security) (deflated 70%) adding: backregs/216DCBDA-A5D9-490F-8102-4FD10999AA57.reg (140 bytes security) (deflated 70%) adding: backregs/2692FDEC-526F-4178-8617-E66CACB8E8C4.reg (140 bytes security) (deflated 70%) adding: backregs/2BD8E89F-A902-4BFA-A377-3933CD38A04A.reg (140 bytes security) (deflated 70%) adding: backregs/2F116526-4361-476E-A6F5-B0DC5ED31D5C.reg (140 bytes security) (deflated 70%) adding: backregs/346F3D22-0C4D-41D2-AF17-87606258A222.reg (140 bytes security) (deflated 70%) adding: backregs/359D04D9-FD1F-4606-981B-448CD85AB6CC.reg (140 bytes security) (deflated 70%) adding: backregs/46D84907-CF5A-4894-8B9F-BBDEEF160637.reg (140 bytes security) (deflated 70%) adding: backregs/53C464BF-3DB5-4241-8C94-346993301C5F.reg (140 bytes security) (deflated 70%) adding: backregs/54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF.reg (140 bytes security) (deflated 70%) adding: backregs/5D04164D-A610-4CB8-8901-B0A0A0689D83.reg (140 bytes security) (deflated 70%) adding: backregs/614478F8-69CD-4397-983D-EBC674E62C97.reg (140 bytes security) (deflated 70%) adding: backregs/628BB7CA-5CFB-4F46-AE81-DA6BD9455D00.reg (140 bytes security) (deflated 70%) adding: backregs/643C23A8-0B62-4FB9-BDFE-8FAE438687A5.reg (140 bytes security) (deflated 70%) adding: backregs/6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F.reg (140 bytes security) (deflated 70%) adding: backregs/6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4.reg (140 bytes security) (deflated 70%) adding: backregs/6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD.reg (140 bytes security) (deflated 70%) adding: backregs/6DBD7268-B392-496D-AA31-CF94ED34F776.reg (140 bytes security) (deflated 70%) adding: backregs/75AF8F87-079B-46C8-A445-6F9FD3925005.reg (140 bytes security) (deflated 70%) adding: backregs/785E39BF-3A7A-4E70-AD07-379E976F94DD.reg (140 bytes security) (deflated 70%) adding: backregs/7B52D779-9D0E-4720-9CF9-75DCB1E57449.reg (140 bytes security) (deflated 70%) adding: backregs/7EFA76E4-36C5-4C19-8A1D-C373619F250E.reg (140 bytes security) (deflated 70%) adding: backregs/80133EDF-AF85-4F1C-9E26-F1F8333E74BD.reg (140 bytes security) (deflated 70%) adding: backregs/91295406-F1FD-4429-9314-F77263D15660.reg (140 bytes security) (deflated 70%) adding: backregs/99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4.reg (140 bytes security) (deflated 70%) adding: backregs/A9373222-2934-4852-9BDB-1328E3E4ABAB.reg (140 bytes security) (deflated 69%) adding: backregs/AC9FCC1E-6B2C-4868-AC54-C9845C123C23.reg (140 bytes security) (deflated 70%) adding: backregs/B3F17340-9166-4272-B946-F91DE63A782E.reg (140 bytes security) (deflated 70%) adding: backregs/C31B36DB-6332-440B-A12F-465CE6B06E6C.reg (140 bytes security) (deflated 70%) adding: backregs/C7B142D1-112D-4B60-BD18-13C78EF2845D.reg (140 bytes security) (deflated 70%) adding: backregs/CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4.reg (140 bytes security) (deflated 70%) adding: backregs/CE69A826-2E69-4514-85BF-D20601885770.reg (140 bytes security) (deflated 70%) adding: backregs/CF1DCB70-2191-4660-BB70-D8154FF3E2EE.reg (140 bytes security) (deflated 70%) adding: backregs/D52CC0C0-A183-448E-9F69-E2BC96502DE3.reg (140 bytes security) (deflated 70%) adding: backregs/DFAF3108-9061-4925-B134-942DB14FBF78.reg (140 bytes security) (deflated 70%) adding: backregs/ED76051A-ADFC-463F-A632-4E350A1BD4EA.reg (140 bytes security) (deflated 70%) adding: backregs/shell.reg (140 bytes security) (deflated 73%) Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for really "Everyone" Warning (option /rge) - There is no ACE to remove! Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-IO) ALLOW Full access CREATOR OWNER Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] @="" "DLLName"="igfxsrvc.dll" "Asynchronous"=dword:00000001 "Impersonate"=dword:00000001 "Unlock"="WinlogonUnlockEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\l0l6la3s1d.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{A9373222-2934-4852-9BDB-1328E3E4ABAB}"=- "{C31B36DB-6332-440B-A12F-465CE6B06E6C}"=- "{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}"=- "{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"=- "{216DCBDA-A5D9-490F-8102-4FD10999AA57}"=- "{346F3D22-0C4D-41D2-AF17-87606258A222}"=- "{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}"=- "{061BFF0D-2618-4C6C-AA78-9064F55A6C73}"=- "{785E39BF-3A7A-4E70-AD07-379E976F94DD}"=- "{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}"=- "{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}"=- "{2BD8E89F-A902-4BFA-A377-3933CD38A04A}"=- "{D52CC0C0-A183-448E-9F69-E2BC96502DE3}"=- "{359D04D9-FD1F-4606-981B-448CD85AB6CC}"=- "{0AF9B593-43D4-4398-A195-A976D8EC3833}"=- "{ED76051A-ADFC-463F-A632-4E350A1BD4EA}"=- "{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}"=- "{CE69A826-2E69-4514-85BF-D20601885770}"=- "{614478F8-69CD-4397-983D-EBC674E62C97}"=- "{53C464BF-3DB5-4241-8C94-346993301C5F}"=- "{46D84907-CF5A-4894-8B9F-BBDEEF160637}"=- "{7EFA76E4-36C5-4C19-8A1D-C373619F250E}"=- "{1567430D-35EA-4726-88AD-5011044B7995}"=- "{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}"=- "{75AF8F87-079B-46C8-A445-6F9FD3925005}"=- "{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}"=- "{2692FDEC-526F-4178-8617-E66CACB8E8C4}"=- "{7B52D779-9D0E-4720-9CF9-75DCB1E57449}"=- "{6DBD7268-B392-496D-AA31-CF94ED34F776}"=- "{C7B142D1-112D-4B60-BD18-13C78EF2845D}"=- "{5D04164D-A610-4CB8-8901-B0A0A0689D83}"=- "{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}"=- "{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}"=- "{91295406-F1FD-4429-9314-F77263D15660}"=- "{1A275532-22FB-4017-AE5A-50CD2B334153}"=- "{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}"=- "{DFAF3108-9061-4925-B134-942DB14FBF78}"=- "{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}"=- "{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}"=- "{B3F17340-9166-4272-B946-F91DE63A782E}"=- "{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}"=- "{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}"=- [-HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}] [-HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}] [-HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}] [-HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}] [-HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}] [-HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}] [-HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}] [-HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}] [-HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}] [-HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}] [-HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}] [-HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}] [-HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}] [-HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}] [-HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}] [-HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}] [-HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}] [-HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}] [-HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}] [-HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}] [-HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}] [-HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}] [-HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}] [-HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}] [-HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}] [-HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}] [-HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}] [-HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}] [-HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}] [-HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}] [-HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}] [-HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}] [-HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}] [-HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}] [-HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}] [-HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}] [-HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}] [-HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}] [-HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA3280 |
|
|
||
07.06.2005, 23:33
Ehrenmitglied
Beiträge: 29434 |
#7
du solltest eine Systemwiederherstellung machen vor dem :04/05/2005 (Zeitpunkt der Verseuchnung)
----------------------------------------------------------------------------- •KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip Anleitung: (bebildert) http://virus-protect.org/killbox.html •Delete File on Reboot <--anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\System32\aului.dll C:\WINDOWS\System32\l0l6la3s1d.dll C:\WINDOWS\System32\ikfxres.dll C:\WINDOWS\System32\kt28l7fu1.dll C:\WINDOWS\System32\izfxres.dll C:\WINDOWS\System32\pnwrprof.dll C:\WINDOWS\System32\lt0027dmg.dll C:\WINDOWS\System32\denmpntw.dll C:\WINDOWS\System32\sobiop.dll C:\WINDOWS\System32\sylwoa.dll C:\WINDOWS\System32\miw3prt.dll C:\WINDOWS\System32\ciiconfg.dll C:\WINDOWS\System32\rdcrt4.dll C:\WINDOWS\System32\fzst30.dll C:\WINDOWS\System32\hrj6051se.dll C:\WINDOWS\System32\f4j2le1o1h.dll C:\WINDOWS\System32\myxml3a.dll C:\WINDOWS\System32\mwltus40.dll C:\WINDOWS\System32\MEC71CHT.DLL C:\WINDOWS\System32\mqrepl40.dll C:\WINDOWS\System32\dkskmon.dll C:\WINDOWS\System32\krdhept.dll C:\WINDOWS\System32\sjcfiles.dll C:\WINDOWS\System32\ipakeng.dll C:\WINDOWS\System32\dxprop.dll C:\WINDOWS\System32\fDultrep.dll C:\WINDOWS\System32\tlpelib.dll C:\WINDOWS\System32\skoolss.dll C:\WINDOWS\System32\svrstr.dll C:\WINDOWS\System32\shmpapi.dll C:\WINDOWS\System32\wid_ci.dll C:\WINDOWS\System32\mxxmlr.dll C:\WINDOWS\System32\mxsign32.dll C:\WINDOWS\System32\mK28lafu1d28.dll C:\WINDOWS\System32\ssorage.dll C:\WINDOWS\System32\mjvidctl.dll C:\WINDOWS\System32\fosdrv.dll C:\WINDOWS\System32\gp0ul3d91.dll C:\WINDOWS\System32\mgdimap.dll C:\WINDOWS\System32\skcurity.dll C:\WINDOWS\System32\wcadss.dll C:\WINDOWS\System32\wlsdmoe2.dll C:\WINDOWS\System32\mv20l9fm1.dll C:\WINDOWS\System32\hrj2051oe.dll C:\WINDOWS\System32\m028lafu1d28.dll C:\WINDOWS\System32\wedconns.dll C:\WINDOWS\System32\ktlul7391.dll C:\WINDOWS\System32\jtl6073se.dll PC neustarten (wenn die Killbox nicht loescht--> alles manuell im abgesicherten Modus loeschen) CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html •AdAware-VX2 #Ad-aware SE Personal 1.05 Updated http://virus-protect.org/adaware.html http://fileforum.betanews.com/detail/965718306/1 AdAware-VX2 Cleaner # Schließen Sie Ad-Aware (falls es gerade läuft) # Laden Sie den VX2 Cleaner hier runter http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml # Installieren Sie den VX2 Cleaner # Starten Sie Ad-Aware # Wechseln Sie zu Add-Ons # Klicken Sie auf das VX2 Cleaner Add-on und klicken Sie auf Tool ausführen # Ist Ihr Computer nicht Infiziert, klicken Sie auf schließen # Ist Ihr Computer Infiziert, klicken Sie auf System reinigen # Neustart # Prüfen Sie Ihren Computer mit Ad-Aware # Entfernen Sie jegliche gefundenen VX2 Objekte # Neustart # Prüfen Sie Ihr System erneut um sicherzustellen, das alle Dateien von Ihrem System entfernt wurden. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.06.2005, 01:20
...neu hier
Themenstarter Beiträge: 7 |
#8
Hallo Sabina
okay, habe alles gemacht, bis auf die erneute System-recovery. Ist es notwendig das zu machen? Wenn ja, werde ichs meinem Freund sagen, er hat das naemlich gestern gemacht, weiss gar nicht wie das geht. Ich weiss leider auch nicht wirklich wie ich pruefe, ob diese .dll files noch da sind. Hab einfach ein paar von denen unter search eingegeben und nichts wurde im system gefunden. Sorry, weiss auch nicht, falls die doch noch da sind, wie ich in den abgesicherten modus komme und das da mache :o( bin wirklich nicht so super bewandt mit alldem. AdAware hatte mir 4 infekte gemeldet, aber anscheinend alle geloescht. Als ich den Cleaner drueber hab laufen lassen, sagte der mir "clean". die Seite sportresults.com poppt aber immer noch ab und zu hoch. Brauchst du noch mal logs von mir oder wie soll ich nun verfahren? |
|
|
||
08.06.2005, 14:17
Ehrenmitglied
Beiträge: 29434 |
#9
Hallo@BlueAngel200
CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html arbeite das bitte ab :--> und poste alles http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.06.2005, 05:29
...neu hier
Themenstarter Beiträge: 7 |
#10
Hallo Sabina,
alles erledigt.....um die 225 Viren!!!! Mann, und das nachdem was ich schon alles gemacht habe?! Hilfe! Hier der Report -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: -------------------- INFECTED -------------------- 2: 1: -------------------- INFECTED -------------------- 3: 2: 1: Wed Jun 08 21:13:24 2005 => Scanning Folder: C:\Program Files\AVPersonal\INFECTED\*.* 4: 3: 2: Wed Jun 08 21:36:30 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 5: 4: 3: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 6: 5: 4: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 7: 6: 5: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 8: 7: 6: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 9: 8: 7: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 10: 9: 8: Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: --------------------- TAGGED --------------------- 2: 1: --------------------- TAGGED --------------------- 3: 2: 1: Wed Jun 08 20:56:57 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 4: 3: 2: Wed Jun 08 20:56:58 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 5: 4: 3: Wed Jun 08 21:00:04 2005 => File C:\WINDOWS\system32\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 6: 5: 4: Wed Jun 08 21:00:13 2005 => File C:\WINDOWS\system32\mfimg32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 7: 6: 5: Wed Jun 08 21:00:32 2005 => File C:\WINDOWS\system32\mxafd.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 8: 7: 6: Wed Jun 08 21:00:38 2005 => File C:\WINDOWS\system32\o684lglq16qe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 9: 8: 7: Wed Jun 08 21:03:35 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 10: 9: 8: Wed Jun 08 21:03:36 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 11: 10: 9: Wed Jun 08 21:05:29 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe tagged as "not-a-virus:AdWare.Zestyfind". Action Taken: No Action Taken. 12: 11: 10: Wed Jun 08 21:05:37 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 13: 12: 11: Wed Jun 08 21:05:38 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken. 14: 13: 12: Wed Jun 08 21:36:39 2005 => File C:\Program Files\Online Services\AOL90CA\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 15: 14: 13: Wed Jun 08 21:37:07 2005 => File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 16: 15: 14: Wed Jun 08 21:41:05 2005 => File C:\Program Files\Uninstall My Web Search.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.h". Action Taken: No Action Taken. 17: 16: 15: Wed Jun 08 21:42:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021605.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 18: 17: 16: Wed Jun 08 21:42:21 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021617.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 19: 18: 17: Wed Jun 08 21:42:21 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021621.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 20: 19: 18: Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021625.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 21: 20: 19: Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021640.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 22: 21: 20: Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021644.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 23: 22: 21: Wed Jun 08 21:42:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP108\A0021657.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 24: 23: 22: Wed Jun 08 21:42:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP108\A0021661.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 25: 24: 23: Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021681.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 26: 25: 24: Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021687.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 27: 26: 25: Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021691.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 28: 27: 26: Wed Jun 08 21:42:28 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021695.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 29: 28: 27: Wed Jun 08 21:42:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021725.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 30: 29: 28: Wed Jun 08 21:42:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021729.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 31: 30: 29: Wed Jun 08 21:42:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021737.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 32: 31: 30: Wed Jun 08 21:42:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021741.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 33: 32: 31: Wed Jun 08 21:42:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP112\A0021753.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 34: 33: 32: Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021757.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 35: 34: 33: Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021763.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 36: 35: 34: Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021770.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 37: 36: 35: Wed Jun 08 21:42:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021773.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 38: 37: 36: Wed Jun 08 21:42:37 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021787.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 39: 38: 37: Wed Jun 08 21:42:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021800.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 40: 39: 38: Wed Jun 08 21:42:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021801.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 41: 40: 39: Wed Jun 08 21:42:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP117\A0021815.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 42: 41: 40: Wed Jun 08 21:42:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP117\A0021817.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 43: 42: 41: Wed Jun 08 21:45:10 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP121\A0022420.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 44: 43: 42: Wed Jun 08 21:45:10 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP121\A0022422.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 45: 44: 43: Wed Jun 08 21:45:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022468.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 46: 45: 44: Wed Jun 08 21:45:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022469.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 47: 46: 45: Wed Jun 08 21:45:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022481.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 48: 47: 46: Wed Jun 08 21:45:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022482.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 49: 48: 47: Wed Jun 08 21:45:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022500.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 50: 49: 48: Wed Jun 08 21:45:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022501.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 51: 50: 49: Wed Jun 08 21:45:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022540.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 52: 51: 50: Wed Jun 08 21:45:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022541.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 53: 52: 51: Wed Jun 08 21:45:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022580.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 54: 53: 52: Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022581.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 55: 54: 53: Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022590.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 56: 55: 54: Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022604.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 57: 56: 55: Wed Jun 08 21:45:24 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022605.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 58: 57: 56: Wed Jun 08 21:45:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP125\A0022644.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 59: 58: 57: Wed Jun 08 21:45:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP125\A0022645.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 60: 59: 58: Wed Jun 08 21:45:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP126\A0022703.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 61: 60: 59: Wed Jun 08 21:45:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP126\A0022704.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 62: 61: 60: Wed Jun 08 21:45:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP127\A0022731.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 63: 62: 61: Wed Jun 08 21:45:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP127\A0022732.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 64: 63: 62: Wed Jun 08 21:45:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP128\A0022752.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 65: 64: 63: Wed Jun 08 21:45:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP128\A0022753.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 66: 65: 64: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0022772.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 67: 66: 65: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0022773.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 68: 67: 66: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0023772.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 69: 68: 67: Wed Jun 08 21:45:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023806.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 70: 69: 68: Wed Jun 08 21:45:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023850.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 71: 70: 69: Wed Jun 08 21:45:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023865.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 72: 71: 70: Wed Jun 08 21:45:47 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP131\A0023891.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 73: 72: 71: Wed Jun 08 21:45:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP132\A0023908.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 74: 73: 72: Wed Jun 08 21:45:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP133\A0023922.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 75: 74: 73: Wed Jun 08 21:45:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023957.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 76: 75: 74: Wed Jun 08 21:45:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023972.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 77: 76: 75: Wed Jun 08 21:45:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023981.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 78: 77: 76: Wed Jun 08 21:45:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023990.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 79: 78: 77: Wed Jun 08 21:45:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP135\A0024007.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 80: 79: 78: Wed Jun 08 21:46:00 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP136\A0024029.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 81: 80: 79: Wed Jun 08 21:46:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0024046.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 82: 81: 80: Wed Jun 08 21:46:04 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP139\A0024074.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 83: 82: 81: Wed Jun 08 21:46:05 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP139\A0024091.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 84: 83: 82: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024113.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 85: 84: 83: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024122.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 86: 85: 84: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024126.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 87: 86: 85: Wed Jun 08 21:46:09 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP141\A0024139.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 88: 87: 86: Wed Jun 08 21:46:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP142\A0024162.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 89: 88: 87: Wed Jun 08 21:46:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP142\A0024163.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 90: 89: 88: Wed Jun 08 21:46:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP143\A0024182.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 91: 90: 89: Wed Jun 08 21:46:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP143\A0024204.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 92: 91: 90: Wed Jun 08 21:46:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP145\A0024239.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 93: 92: 91: Wed Jun 08 21:46:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP146\A0024284.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 94: 93: 92: Wed Jun 08 21:46:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe tagged as not-a-virus:Effect.Win16.Sheep. No Action Taken. 95: 94: 93: Wed Jun 08 21:46:28 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP148\A0026293.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 96: 95: 94: Wed Jun 08 21:46:29 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP148\A0026299.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 97: 96: 95: Wed Jun 08 21:46:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP149\A0026331.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 98: 97: 96: Wed Jun 08 21:46:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP149\A0026352.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 99: 98: 97: Wed Jun 08 21:46:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026370.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 100: 99: 98: Wed Jun 08 21:46:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026379.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 101: 100: 99: Wed Jun 08 21:46:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026390.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 102: 101: 100: Wed Jun 08 21:46:37 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP151\A0026412.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 103: 102: 101: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026440.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 104: 103: 102: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026450.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 105: 104: 103: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026459.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 106: 105: 104: Wed Jun 08 21:46:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026466.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 107: 106: 105: Wed Jun 08 21:46:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0027462.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 108: 107: 106: Wed Jun 08 21:47:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP153\A0027689.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 109: 108: 107: Wed Jun 08 21:47:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP154\A0027718.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 110: 109: 108: Wed Jun 08 21:47:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP154\A0027727.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 111: 110: 109: Wed Jun 08 21:47:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP155\A0027747.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 112: 111: 110: Wed Jun 08 21:47:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP155\A0027756.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 113: 112: 111: Wed Jun 08 21:47:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027780.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 114: 113: 112: Wed Jun 08 21:47:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027781.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 115: 114: 113: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027832.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 116: 115: 114: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027845.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 117: 116: 115: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 118: 117: 116: Wed Jun 08 21:49:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028090.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 119: 118: 117: Wed Jun 08 21:49:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028150.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 120: 119: 118: Wed Jun 08 21:49:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028155.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 121: 120: 119: Wed Jun 08 21:49:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028180.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 122: 121: 120: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028181.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 123: 122: 121: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028182.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 124: 123: 122: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028184.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 125: 124: 123: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030213.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 126: 125: 124: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030214.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 127: 126: 125: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030218.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 128: 127: 126: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030219.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 129: 128: 127: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030226.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 130: 129: 128: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030228.exe tagged as "not-a-virus:AdWare.Zestyfind". Action Taken: No Action Taken. 131: 130: 129: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030229.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken. 132: 131: 130: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030230.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 133: 132: 131: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030231.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 134: 133: 132: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030232.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 135: 134: 133: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030233.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 136: 135: 134: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030235.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 137: 136: 135: Wed Jun 08 21:49:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030236.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 138: 137: 136: Wed Jun 08 21:50:04 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030332.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 139: 138: 137: Wed Jun 08 21:50:05 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030333.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 140: 139: 138: Wed Jun 08 21:50:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 141: 140: 139: Wed Jun 08 21:50:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030448.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 142: 141: 140: Wed Jun 08 21:50:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 143: 142: 141: Wed Jun 08 21:50:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 144: 143: 142: Wed Jun 08 21:50:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030461.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 145: 144: 143: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030471.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 146: 145: 144: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030474.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 147: 146: 145: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030475.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 148: 147: 146: Wed Jun 08 21:50:24 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030506.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 149: 148: 147: Wed Jun 08 21:50:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030679.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 150: 149: 148: Wed Jun 08 21:50:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030683.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 151: 150: 149: Wed Jun 08 21:50:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030685.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 152: 151: 150: Wed Jun 08 21:51:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030723.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 153: 152: 151: Wed Jun 08 21:51:02 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030742.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 154: 153: 152: Wed Jun 08 21:52:45 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031073.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 155: 154: 153: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031086.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 156: 155: 154: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031091.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 157: 156: 155: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 158: 157: 156: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031113.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 159: 158: 157: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031114.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 160: 159: 158: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031115.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 161: 160: 159: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031116.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 162: 161: 160: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031117.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 163: 162: 161: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031118.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 164: 163: 162: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031119.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 165: 164: 163: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031120.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 166: 165: 164: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031121.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 167: 166: 165: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031122.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 168: 167: 166: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031123.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 169: 168: 167: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031124.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 170: 169: 168: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031125.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 171: 170: 169: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031126.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 172: 171: 170: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031127.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 173: 172: 171: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031128.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 174: 173: 172: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031129.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 175: 174: 173: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031130.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 176: 175: 174: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031131.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 177: 176: 175: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031132.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 178: 177: 176: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031133.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 179: 178: 177: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031134.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 180: 179: 178: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031135.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 181: 180: 179: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031136.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 182: 181: 180: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031137.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 183: 182: 181: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031138.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 184: 183: 182: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031139.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 185: 184: 183: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031140.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 186: 185: 184: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031141.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 187: 186: 185: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031142.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 188: 187: 186: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031143.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 189: 188: 187: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031144.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 190: 189: 188: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031145.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 191: 190: 189: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031146.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 192: 191: 190: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031147.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 193: 192: 191: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031148.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 194: 193: 192: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031149.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 195: 194: 193: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031150.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 196: 195: 194: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031151.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 197: 196: 195: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031152.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 198: 197: 196: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031153.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 199: 198: 197: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031154.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 200: 199: 198: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031155.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 201: 200: 199: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031156.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 202: 201: 200: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031157.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 203: 202: 201: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031158.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 204: 203: 202: Wed Jun 08 21:52:59 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031170.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 205: 204: 203: Wed Jun 08 21:52:59 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031183.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 206: 205: 204: Wed Jun 08 21:53:00 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031184.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 207: 206: 205: Wed Jun 08 21:53:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032183.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 208: 207: 206: Wed Jun 08 21:53:06 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032232.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 209: 208: 207: Wed Jun 08 21:53:06 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032233.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 210: 209: 208: Wed Jun 08 21:54:37 2005 => File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virusownloader.Win32.PopCap.b. No Action Taken. 211: 210: 209: Wed Jun 08 22:01:38 2005 => File C:\WINDOWS\system\UpdInst.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 212: 211: 210: Wed Jun 08 22:07:40 2005 => File C:\WINDOWS\system32\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 213: 212: 211: Wed Jun 08 22:07:53 2005 => File C:\WINDOWS\system32\mfimg32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 214: 213: 212: Wed Jun 08 22:08:13 2005 => File C:\WINDOWS\system32\mxafd.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 215: 214: 213: Wed Jun 08 22:08:20 2005 => File C:\WINDOWS\system32\o684lglq16qe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 216: 215: 1: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20. 217: 216: 2: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20. 218: 217: 10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot. 219: 218: 11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot. 220: 219: 12: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe => tagged:Effect.Win16.Sheep. 221: 220: 13: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe => tagged:Tool.Win32.Processor.20. 222: 221: 14: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe => tagged:Tool.Win32.Processor.20. 223: 222: 15: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe => tagged:Tool.Win32.Processor.20. 224: 223: 16: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe => tagged:Tool.Win32.Processor.20. 225: 224: 17: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe => tagged:Tool.Win32.Processor.20. 226: 225: 18: C:\WINDOWS\Downloaded Program Files\popcaploader.dll => taggedownloader.Win32.PopCap.b. 227: 8: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20. 228: 9: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20. 229: 10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot. 230: 11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot. 231: 12: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe => tagged:Effect.Win16.Sheep. 232: 13: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe => tagged:Tool.Win32.Processor.20. 233: 14: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe => tagged:Tool.Win32.Processor.20. 234: 15: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe => tagged:Tool.Win32.Processor.20. 235: 16: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe => tagged:Tool.Win32.Processor.20. 236: 17: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe => tagged:Tool.Win32.Processor.20. 237: 18: C:\WINDOWS\Downloaded Program Files\popcaploader.dll => taggedownloader.Win32.PopCap.b. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: 1: 1: Wed Jun 08 20:56:21 2005 => ERROR!!! Invalid Entry {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 2: 2: 2: Wed Jun 08 20:56:21 2005 => ERROR!!! Invalid Entry {E46D65EC-24E0-4D66-9EE9-27B26B447E80} = C:\WINDOWS\system32\mhrddm.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken. 3: 3: 3: Wed Jun 08 20:56:24 2005 => ERROR!!! Invalid Entry VTTimer = VTTimer.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken. 4: 4: 4: Wed Jun 08 20:57:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken. 5: 5: 5: Wed Jun 08 20:57:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken. 6: 6: 6: Wed Jun 08 20:57:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\hpqimgrc.resources.dll". Action Taken: No Action Taken. 7: 7: 7: Wed Jun 08 20:57:37 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken. 8: 8: 8: Wed Jun 08 20:57:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\Default.rul". Action Taken: No Action Taken. 9: 9: 9: Wed Jun 08 20:57:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken. 10: 10: 10: Wed Jun 08 20:57:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken. 11: 11: 11: Wed Jun 08 20:57:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken. 12: 12: 12: Wed Jun 08 20:57:54 2005 => Entry "HKCR\CLSID\{5464D816-CF16-4784-B9F3-75C0DB52B499}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken. 13: 13: 13: Wed Jun 08 20:57:55 2005 => Entry "HKCR\CLSID\{5BC209ED-276E-4C42-8D77-0D1713605757}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\QPAS4.OCX". Action Taken: No Action Taken. 14: 14: 14: Wed Jun 08 20:57:57 2005 => Entry "HKCR\CLSID\{6B180C18-F1F2-466D-8C9B-9E8746597BF5}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\PAS4.DLL". Action Taken: No Action Taken. 15: 15: 15: Wed Jun 08 20:58:01 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 16: 16: 16: Wed Jun 08 20:58:04 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken. 17: 17: 17: Wed Jun 08 20:58:04 2005 => Entry "HKCR\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken. 18: 18: 18: Wed Jun 08 20:58:05 2005 => Entry "HKCR\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken. 19: 19: 19: Wed Jun 08 20:58:08 2005 => Entry "HKCR\CLSID\{C79C91A1-DB06-11D2-9E0C-00105A26F05D}" refers to invalid object "c:\PROGRA~1\Quicken\QWAPP.DLL". Action Taken: No Action Taken. 20: 20: 20: Wed Jun 08 20:58:10 2005 => Entry "HKCR\CLSID\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken. 21: 21: 21: Wed Jun 08 20:58:11 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 22: 22: 22: Wed Jun 08 20:58:12 2005 => Entry "HKCR\CLSID\{E46D65EC-24E0-4D66-9EE9-27B26B447E80}" refers to invalid object "C:\WINDOWS\system32\mhrddm.dll". Action Taken: No Action Taken. 23: 23: 23: Wed Jun 08 20:58:12 2005 => Entry "HKCR\CLSID\{E8A52BE3-690C-4EB2-A0F2-83112532AA4B}" refers to invalid object "c:\PROGRA~1\Quicken\QSHOWH~1.DLL". Action Taken: No Action Taken. 24: 24: 24: Wed Jun 08 20:58:14 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 25: 25: 25: Wed Jun 08 20:58:15 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 26: 26: 26: Wed Jun 08 20:58:25 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 27: 27: 27: Wed Jun 08 20:58:25 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken. 28: 28: 28: Wed Jun 08 20:58:27 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken. 29: 29: 29: Wed Jun 08 20:58:27 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken. 30: 30: 30: Wed Jun 08 20:58:38 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken. 31: 31: 31: Wed Jun 08 20:58:38 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 32: 32: 32: Wed Jun 08 20:58:38 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken. 33: 33: 33: Wed Jun 08 20:58:44 2005 => Entry "HKCR\MyWebSearch.HTMLPanel" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken. 34: 34: 34: Wed Jun 08 20:58:44 2005 => Entry "HKCR\MyWebSearch.HTMLPanel.1" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken. 35: 35: 35: Wed Jun 08 20:58:52 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken. 36: 36: 36: Wed Jun 08 20:58:55 2005 => Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken. 37: 37: 37: Wed Jun 08 20:58:55 2005 => Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken. 38: 38: 38: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned 39: 39: 39: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned 40: 40: 40: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned 41: 41: 41: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned 42: 42: 42: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned 43: 43: 43: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned 44: 44: 44: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned 45: 45: 45: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned 46: 46: 46: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned 47: 47: 47: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned 48: 48: 48: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip is Not Scanned 49: 49: 49: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip is Not Scanned 50: 50: 50: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip is Not Scanned 51: 51: 51: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip is Not Scanned 52: 52: 52: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip is Not Scanned 53: 53: 53: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip is Not Scanned 54: 54: 54: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip is Not Scanned 55: 55: 55: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip is Not Scanned 56: 56: 56: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip is Not Scanned 57: 57: 57: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip is Not Scanned 58: 58: 58: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip is Not Scanned 59: 59: 59: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip is Not Scanned 60: 60: 60: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip is Not Scanned 61: 61: 61: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip is Not Scanned 62: 62: 62: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader.zip is Not Scanned 63: 63: 63: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader1.zip is Not Scanned 64: 64: 64: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean.zip is Not Scanned 65: 65: 65: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean1.zip is Not Scanned 66: 66: 66: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean2.zip is Not Scanned 67: 67: 67: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch.zip is Not Scanned 68: 68: 68: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch1.zip is Not Scanned 69: 69: 69: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch2.zip is Not Scanned 70: 70: 70: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch3.zip is Not Scanned 71: 71: 71: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip is Not Scanned 72: 72: 72: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip is Not Scanned 73: 73: 73: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip is Not Scanned 74: 74: 74: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip is Not Scanned 75: 75: 75: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip is Not Scanned 76: 76: 76: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip is Not Scanned 77: 77: 77: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip is Not Scanned 78: 78: 78: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip is Not Scanned 79: 79: 79: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip is Not Scanned 80: 80: 80: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip is Not Scanned 81: 81: 81: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip is Not Scanned 82: 82: 82: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip is Not Scanned 83: 83: 83: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent1.zip is Not Scanned -------------------------------------------------- ------------- FILES ADDED TO DELETE -------------- -------------------------------------------------- 1: C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm => Exploit.HTML.Mht 2: C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip => Trojan.Java.ClassLoader.c 3: C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm => Exploit.HTML.Mht 4: C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip => Trojan.Java.ClassLoader.c 5: C:\Program Files\Norton AntiVirus |
|
|
||
09.06.2005, 09:57
Ehrenmitglied
Beiträge: 29434 |
#11
Deaktivieren Wiederherstellung--> dann, nach der Reinigung, aktiviere sie wieder
«XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. loesche mit der Killbox: C:\WINDOWS\system32\ktj0l71m1.dll C:\WINDOWS\system32\mfimg32.dll C:\WINDOWS\system32\mxafd.dll C:\WINDOWS\system32\o684lglq16qe.dll C:\WINDOWS\system32\mhrddm.dll C:\WINDOWS\Downloaded Program Files\BM2.dll C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll C:\Program Files\Uninstall My Web Search.dll C:\WINDOWS\Downloaded Program Files\popcaploader.dll C:\WINDOWS\system\UpdInst.exe C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe PC neustarten ueberpruefen, ob alles geloescht ist. C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html #TuneUp2004 (30 Tage free) http://virus-protect.org/reinigungstoolsregistry.html Cleanup repair -->TuneUp Diskcleaner Cleanup repair -->Registry Cleaner dann scanne noch mal mit escan + berichte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.06.2005, 23:53
...neu hier
Themenstarter Beiträge: 7 |
#12
Hallo Sabina,
habe alles gemacht. Folgende Datein waren trotz killerbox nach da, hab sie dann einfach per hand geloescht und kann sie nun auch nicht mehr finden: C:\WINDOWS\system\UpdInst.exe C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll C:\WINDOWS\Downloaded Program Files\popcaploader.dll Und wow, escan hat mir nun "nur noch" 19 Viren angezeigt! Hier der Report: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Thu Jun 09 15:21:29 2005 => Scanning Folder: C:\Program Files\AVPersonal\INFECTED\*.* 2: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 3: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 4: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 5: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 6: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken. 7: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. 8: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Thu Jun 09 15:04:43 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 2: Thu Jun 09 15:04:44 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 3: Thu Jun 09 15:09:23 2005 => File C:\!Submit\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken. 4: Thu Jun 09 15:11:20 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 5: Thu Jun 09 15:11:21 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken. 6: Thu Jun 09 15:44:27 2005 => File C:\Program Files\Online Services\AOL90CA\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 7: Thu Jun 09 15:44:54 2005 => File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Thu Jun 09 15:05:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken. 2: Thu Jun 09 15:05:46 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 3: Thu Jun 09 15:05:49 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken. 4: Thu Jun 09 15:05:56 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 5: Thu Jun 09 15:05:59 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 6: Thu Jun 09 15:06:00 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken. 7: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned 8: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned 9: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned 10: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned 11: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned 12: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned 13: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned 14: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned 15: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned 16: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned 17: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip is Not Scanned 18: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip is Not Scanned 19: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip is Not Scanned 20: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip is Not Scanned 21: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip is Not Scanned 22: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip is Not Scanned 23: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip is Not Scanned 24: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip is Not Scanned 25: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip is Not Scanned 26: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip is Not Scanned 27: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip is Not Scanned 28: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip is Not Scanned 29: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip is Not Scanned 30: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip is Not Scanned 31: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader.zip is Not Scanned 32: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader1.zip is Not Scanned 33: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean.zip is Not Scanned 34: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean1.zip is Not Scanned 35: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean2.zip is Not Scanned 36: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch.zip is Not Scanned 37: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch1.zip is Not Scanned 38: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch2.zip is Not Scanned 39: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch3.zip is Not Scanned 40: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip is Not Scanned 41: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip is Not Scanned 42: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip is Not Scanned 43: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip is Not Scanned 44: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip is Not Scanned 45: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip is Not Scanned 46: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip is Not Scanned 47: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip is Not Scanned 48: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip is Not Scanned 49: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip is Not Scanned 50: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip is Not Scanned 51: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip is Not Scanned 52: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent1.zip is Not Scanned -------------------------------------------------- ------------- FILES ADDED TO DELETE -------------- -------------------------------------------------- 1: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20. 2: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20. 3: C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm => Exploit.HTML.Mht 4: C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip => Trojan.Java.ClassLoader.c 5: C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm => Exploit.HTML.Mht 6: C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip => Trojan.Java.ClassLoader.c 7: C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm => Exploit.HTML.Mht 8: C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip => Trojan.Java.ClassLoader.c 9: C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip => Trojan.Java.ClassLoader.c 10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot. 11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot. -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Thu Jun 09 16:09:48 2005 => Total Objects Scanned: 91776 Thu Jun 09 16:09:48 2005 => Total Virus(es) Found: 19 Thu Jun 09 16:09:48 2005 => Total Errors: 52 Thu Jun 09 16:09:48 2005 => Virus Database Date: 2005/06/09 Thu Jun 09 16:09:48 2005 => Virus Database Count: 134127 Thu Jun 09 16:36:07 2005 => Total Objects Scanned: 91776 Thu Jun 09 16:36:07 2005 => Total Virus(es) Found: 19 Thu Jun 09 16:36:07 2005 => Total Errors: 52 Naehern wir uns nun langsam dem erfoglreichen Ende zu? Sieht so aus! :O) |
|
|
||
11.06.2005, 18:38
Ehrenmitglied
Beiträge: 29434 |
#13
Hallo@BlueAngel200
1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter. 2. In the left panel, locate and delete the following keys: * "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to "C:\WINDOWS\Downloaded Program Files\BM2.dll" ----------------------------------------------------------------------- HKEY_CLASSES_ROOT>CLSID>{DDFFA75A-E81D-4454-89FC-B9FD0631E726} * HKEY_LOCAL_MACHINE>SOFTWARE>Classes> CLSID>{DDFFA75A-E81D-4454-89FC-B9FD0631E726 In the left panel, double-click the following: HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft> Windows>CurrentVersion>Shell Extensions>Approved In the right panel, locate and delete the entry: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} = "" 5. Close Registry Editor. http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FLOOK2ME%2EB Loesche: C:\!Submit\ktj0l71m1.dll C:\WINDOWS\Downloaded Program Files\BM2.dll dann duerfte alles in ordnung sein Alles Gute fuer dich + PC ---------- #Alternativbrowser zum IE Firefox http://www.firefox-browser.de/windows.php http://www.mozilla-europe.org/de/ Installation+Konfiguration Firefox http://www.pcwelt.de/know-how/software/103924/index1.html --------- INFO: O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
ich habe mir gestern aufgrund der Infos hier schon mal Hithisjack runtergeladen und den Log in das tool unter hithisjack.de eingegeben. Habe vier rote meldungen bekommen und die dann gefixt. Habe aber noch etliche unbekannte vorgaenge und mein Hauptproblem, das automatische oeffnen der Seite sportresulst.com, war heute morgen auch wieder da. AUsserdem habe ich einen komische Meldung beim starten bekommen, irgendwas mit system32. Ausserdem bekomme ich von AntiVir folgende Meldung eines infizierten Archives, dass es aber nicht loeschen kann: MyFunCardsFWBInitialSetup1.0.0.8[1].cab. Was mach ich damit?? Kann mir bitte irgend jemand helfen! Ich sitze in Mexiko und habe leider gar keine Moeglichkeit irgend jemanden hier zu fragen. Bitte so einfach wie moeglich erklaeren, bin wirklich kein IT Spezialist :o(
Hier mein Log von heute morgen:
Logfile of HijackThis v1.99.1
Scan saved at 11:29:41 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Angela\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe