O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll

#0
03.06.2005, 18:41
...new here

Posts: 7
#1 Hello,

Based on the information here, I downloaded HijackThis yesterday and entered the log into the tool at hithisjack.de. I got four red alerts and fixed them. But I still have quite a few unknown processes, and my main problem, the page sportresulst.com opening automatically, was back again this morning. I also got a strange message at startup, something about system32. In addition, AntiVir gives me the following message about an infected archive, which it cannot delete: MyFunCardsFWBInitialSetup1.0.0.8[1].cab. What do I do with it?? Can somebody please help me! I am in Mexico and unfortunately have no way at all of asking anyone here. Please explain as simply as possible, I am really no IT specialist :o(

Here is my log from this morning:
Logfile of HijackThis v1.99.1
Scan saved at 11:29:41 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Angela\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
This post was edited by BlueAngel200 on 03.06.2005 at 19:30.
05.06.2005, 13:19
Honorary member
Sabina

Posts: 29434
#2 Hello @BlueAngel200

Check individual "exe" files
http://www.virustotal.com/flash/index_en.html


Jotti's malware scan 2.4 - check individual "exe" files
http://virusscan.jotti.org/de/
At the top of the page click "Durchsuchen" (Browse) --> choose the file --> double-click the file to be checked --> click Submit...
now wait, then copy the result and post it here in the thread


C:\WINDOWS\system32\igfxsrvc.dll
C:\WINDOWS\system32\igfxtray.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ps2.exe


#open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\m6ju0g19e6.dll

Restart the PC

please work through this point by point and post everything,
http://virus-protect.org/L2mfix.html

then do an online scan with PANDA + report back (if your ANTIVIRUS "complains" --> ignore it)
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

all about PC security
06.06.2005, 20:24
...new here

Thread starter

Posts: 7
#3 Hello Sabina, thank you very much for your help!!

Here are my results:

The first point: unfortunately I don't know which exe files are meant, so I haven't done that one yet.

2. I did the second point, ALL files were virus-free.

3. Fixed all files except the O20, because it suddenly no longer shows up in my log!

4. Here are my results from L2mfix:


L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WindowsUpdate]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp6ml3j11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{49690D94-04F2-5F83-E517-8901FE3E8941}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}]
@=""
"IDEx"="BM2"

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxdxmlc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\pKutoenr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wedconns.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlsdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcadss.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\InprocServer32]
@="C:\\WINDOWS\\system32\\skcurity.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgdimap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\fosdrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvidctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ssorage.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mK28lafu1d28.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxsign32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxxmlr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wid_ci.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\shmpapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\InprocServer32]
@="C:\\WINDOWS\\system32\\svrstr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\InprocServer32]
@="C:\\WINDOWS\\system32\\skoolss.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\tlpelib.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\InprocServer32]
@="C:\\WINDOWS\\system32\\fDultrep.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxprop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\InprocServer32]
@="C:\\WINDOWS\\system32\\ipakeng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\sjcfiles.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\InprocServer32]
@="C:\\WINDOWS\\system32\\krdhept.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkskmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqrepl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\InprocServer32]
@="C:\\WINDOWS\\system32\\MEC71CHT.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwltus40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\InprocServer32]
@="C:\\WINDOWS\\system32\\myxml3a.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\ciiconfg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\fzst30.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\InprocServer32]
@="C:\\WINDOWS\\system32\\rdcrt4.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\InprocServer32]
@="C:\\WINDOWS\\system32\\miw3prt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\InprocServer32]
@="C:\\WINDOWS\\system32\\sylwoa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\InprocServer32]
@="C:\\WINDOWS\\system32\\sobiop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\InprocServer32]
@="C:\\WINDOWS\\system32\\denmpntw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\InprocServer32]
@="C:\\WINDOWS\\system32\\pnwrprof.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE79643E-3728-4222-A47F-CD8DB02BECBF}\InprocServer32]
@="C:\\WINDOWS\\system32\\sssinv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5A29374A-F94A-485C-B0F9-E365D8E1E8CA}\InprocServer32]
@="C:\\WINDOWS\\system32\\hdj2051oe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4482033-AD35-485B-BC00-0ED125608C62}\InprocServer32]
@="C:\\WINDOWS\\system32\\donput.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C99DBC3-E631-47A6-9CD0-BAF9FE88EE2E}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjrepl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B4CB6D71-5925-4782-8EC4-6CE8B6ECCA80}\InprocServer32]
@="C:\\WINDOWS\\system32\\epcapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7326B120-F4DE-4D13-ADAE-601F61147E10}\InprocServer32]
@="C:\\WINDOWS\\system32\\cqrsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FFBC018A-3FBC-4C76-BA39-857AC8A3D127}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F975381F-D94C-4B12-94F3-147EDFC39114}\InprocServer32]
@="C:\\WINDOWS\\system32\\wwpencen.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50EEECD7-8567-4353-A00D-35C06B348043}\InprocServer32]
@="C:\\WINDOWS\\system32\\mutlsapi.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu Mar 10 2005 3:02:34a A.... 1,016,832 993.00 K
cdfview.dll Thu Mar 10 2005 3:02:34a A.... 151,040 147.50 K
ciiconfg.dll Sun May 29 2005 11:14:36a ..S.R 232,896 227.44 K
cqrsrv.dll Sat Jun 4 2005 10:35:08a ..S.R 233,949 228.46 K
denmpntw.dll Wed Jun 1 2005 9:30:38a ..S.R 232,896 227.44 K
dkskmon.dll Sat May 21 2005 9:29:26p ..S.R 234,695 229.19 K
donput.dll Thu Jun 2 2005 11:30:24p ..S.R 232,896 227.44 K
dxprop.dll Tue May 17 2005 12:01:42p ..S.R 235,218 229.70 K
epcapi.dll Fri Jun 3 2005 9:14:16p ..S.R 232,896 227.44 K
f4j2le~1.dll Fri May 27 2005 1:50:08a ..S.R 235,218 229.70 K
fdultrep.dll Mon May 16 2005 10:22:36a ..S.R 234,695 229.19 K
fosdrv.dll Sun May 8 2005 2:17:30p ..S.R 234,695 229.19 K
fzst30.dll Fri May 27 2005 2:53:20p ..S.R 232,896 227.44 K
gp06l3~1.dll Fri Jun 3 2005 7:35:22a ..S.R 232,896 227.44 K
gp0ul3~1.dll Sat May 7 2005 11:07:08a ..S.R 235,115 229.60 K
gp6ml3~1.dll Sun Jun 5 2005 11:44:02a ..S.R 233,949 228.46 K
h40q0e~1.dll Mon Jun 6 2005 12:18:44p ..S.R 233,156 227.69 K
hdj205~1.dll Fri Jun 3 2005 3:40:12p ..S.R 232,896 227.44 K
hrj205~1.dll Sun Apr 10 2005 11:50:12a ..S.R 234,680 229.18 K
hrj605~1.dll Fri May 27 2005 2:53:20p ..S.R 233,511 228.04 K
iepeers.dll Thu Mar 10 2005 3:02:34a A.... 250,880 245.00 K
inseng.dll Thu Mar 10 2005 3:02:34a A.... 96,256 94.00 K
ipakeng.dll Wed May 18 2005 10:20:22a ..S.R 234,695 229.19 K
jtl607~1.dll Tue Apr 5 2005 6:36:30p ..S.R 234,747 229.24 K
krdhept.dll Fri May 20 2005 12:17:52p ..S.R 234,695 229.19 K
ktlul7~1.dll Thu Apr 7 2005 11:15:36a ..S.R 233,248 227.78 K
m028la~1.dll Sat Apr 9 2005 5:04:00p ..S.R 233,248 227.78 K
mec71cht.dll Tue May 24 2005 10:58:02a ..S.R 235,218 229.70 K
mgdimap.dll Mon May 2 2005 11:41:32a ..S.R 235,115 229.60 K
miw3prt.dll Mon May 30 2005 11:35:12a ..S.R 232,896 227.44 K
mjrepl40.dll Fri Jun 3 2005 5:19:22p ..S.R 233,949 228.46 K
mjvidctl.dll Mon May 9 2005 11:10:18a ..S.R 234,695 229.19 K
mk28la~1.dll Tue May 10 2005 2:21:16p ..S.R 234,695 229.19 K
mqrepl40.dll Mon May 23 2005 12:20:12p ..S.R 234,695 229.19 K
mshtml.dll Thu Mar 10 2005 3:02:34a A.... 3,010,560 2.87 M
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K
msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K
msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K
msrating.dll Thu Mar 10 2005 3:02:34a A.... 146,432 143.00 K
mutlsapi.dll Mon Jun 6 2005 12:20:36p ..S.R 233,949 228.46 K
mv20l9~1.dll Tue Apr 12 2005 8:19:32a ..S.R 234,680 229.18 K
mwltus40.dll Wed May 25 2005 10:11:18a ..S.R 234,996 229.49 K
mxsign32.dll Wed May 11 2005 11:20:46a ..S.R 234,695 229.19 K
mxxmlr.dll Thu May 12 2005 11:25:18a ..S.R 234,695 229.19 K
myxml3a.dll Thu May 26 2005 8:43:08p ..S.R 235,218 229.70 K
pnwrprof.dll Wed Jun 1 2005 10:04:04a ..S.R 232,896 227.44 K
rdcrt4.dll Sat May 28 2005 11:42:48p ..S.R 232,896 227.44 K
shdocvw.dll Thu Mar 10 2005 3:02:34a A.... 1,483,264 1.41 M
shlwapi.dll Thu Mar 10 2005 3:02:34a A.... 473,600 462.50 K
shmpapi.dll Sat May 14 2005 10:43:06a ..S.R 234,695 229.19 K
sjcfiles.dll Thu May 19 2005 9:53:38a ..S.R 235,218 229.70 K
skcurity.dll Mon Apr 25 2005 8:57:38p ..S.R 234,680 229.18 K
skoolss.dll Sun May 15 2005 12:35:54p ..S.R 234,695 229.19 K
sobiop.dll Tue May 31 2005 10:12:36p ..S.R 232,896 227.44 K
spmsg.dll Wed May 4 2005 2:45:26p ..... 13,536 13.22 K
ssorage.dll Tue May 10 2005 9:36:38a ..S.R 234,695 229.19 K
sssinv.dll Thu Jun 2 2005 1:35:12p ..S.R 232,896 227.44 K
svrstr.dll Sat May 14 2005 10:26:06p ..S.R 234,695 229.19 K
sylwoa.dll Tue May 31 2005 8:30:10a ..S.R 232,896 227.44 K
tlpelib.dll Sun May 15 2005 3:09:56p ..S.R 235,218 229.70 K
urlmon.dll Thu Mar 10 2005 3:02:36a A.... 607,744 593.50 K
wcadss.dll Wed Apr 20 2005 10:07:54p ..S.R 234,680 229.18 K
wedconns.dll Sat Apr 9 2005 4:31:56p ..S.R 233,248 227.78 K
wid_ci.dll Fri May 13 2005 10:33:12a ..S.R 234,695 229.19 K
wininet.dll Thu Mar 10 2005 3:02:36a A.... 656,896 641.50 K
wlsdmoe2.dll Fri Apr 15 2005 3:48:24p ..S.R 234,680 229.18 K
wwpencen.dll Sat Jun 4 2005 11:06:28p ..S.R 234,804 229.30 K

68 items found: 68 files (53 H/S), 0 directories.
Total of file sizes: 24,378,501 bytes 23.25 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is HP_PAVILION
Volume Serial Number is 28FB-76ED

Directory of C:\WINDOWS\System32

06/06/2005 12:20 PM 233,949 mutlsapi.dll
06/06/2005 12:18 PM 233,156 h40q0ed5eh0.dll
06/05/2005 11:44 AM 233,949 gp6ml3j11.dll
06/04/2005 11:06 PM 234,804 wwpencen.dll
06/04/2005 10:35 AM 233,949 cqrsrv.dll
06/03/2005 09:14 PM 232,896 epcapi.dll
06/03/2005 05:19 PM 233,949 mjrepl40.dll
06/03/2005 03:40 PM 232,896 hdj2051oe.dll
06/03/2005 07:35 AM 232,896 gp06l3ds1.dll
06/02/2005 11:30 PM 232,896 donput.dll
06/02/2005 01:35 PM 232,896 sssinv.dll
06/01/2005 10:04 AM 232,896 pnwrprof.dll
06/01/2005 09:30 AM 232,896 denmpntw.dll
05/31/2005 10:12 PM 232,896 sobiop.dll
05/31/2005 08:30 AM 232,896 sylwoa.dll
05/30/2005 11:35 AM 232,896 miw3prt.dll
05/29/2005 11:14 AM 232,896 ciiconfg.dll
05/28/2005 11:42 PM 232,896 rdcrt4.dll
05/27/2005 02:53 PM 232,896 fzst30.dll
05/27/2005 02:53 PM 233,511 hrj6051se.dll
05/27/2005 01:50 AM 235,218 f4j2le1o1h.dll
05/26/2005 08:43 PM 235,218 myxml3a.dll
05/25/2005 10:11 AM 234,996 mwltus40.dll
05/24/2005 10:58 AM 235,218 MEC71CHT.DLL
05/23/2005 12:20 PM 234,695 mqrepl40.dll
05/21/2005 09:29 PM 234,695 dkskmon.dll
05/20/2005 12:17 PM 234,695 krdhept.dll
05/19/2005 09:53 AM 235,218 sjcfiles.dll
05/19/2005 12:16 AM <DIR> dllcache
05/18/2005 10:20 AM 234,695 ipakeng.dll
05/17/2005 12:01 PM 235,218 dxprop.dll
05/16/2005 10:22 AM 234,695 fDultrep.dll
05/15/2005 03:09 PM 235,218 tlpelib.dll
05/15/2005 12:35 PM 234,695 skoolss.dll
05/14/2005 10:26 PM 234,695 svrstr.dll
05/14/2005 10:43 AM 234,695 shmpapi.dll
05/13/2005 10:33 AM 234,695 wid_ci.dll
05/12/2005 11:25 AM 234,695 mxxmlr.dll
05/11/2005 11:20 AM 234,695 mxsign32.dll
05/10/2005 02:21 PM 234,695 mK28lafu1d28.dll
05/10/2005 09:36 AM 234,695 ssorage.dll
05/09/2005 11:10 AM 234,695 mjvidctl.dll
05/08/2005 02:17 PM 234,695 fosdrv.dll
05/07/2005 11:07 AM 235,115 gp0ul3d91.dll
05/02/2005 11:41 AM 235,115 mgdimap.dll
04/25/2005 08:57 PM 234,680 skcurity.dll
04/20/2005 10:07 PM 234,680 wcadss.dll
04/15/2005 03:48 PM 234,680 wlsdmoe2.dll
04/12/2005 08:19 AM 234,680 mv20l9fm1.dll
04/10/2005 11:50 AM 234,680 hrj2051oe.dll
04/09/2005 05:03 PM 233,248 m028lafu1d28.dll
04/09/2005 04:31 PM 233,248 wedconns.dll
04/07/2005 11:15 AM 233,248 ktlul7391.dll
04/05/2005 06:36 PM 234,747 jtl6073se.dll
01/18/2005 05:00 PM 56 245ED74026.sys
01/18/2005 05:00 PM 1,682 KGyGaAvL.sys
08/11/2004 08:15 PM <DIR> Microsoft
55 File(s) 12,411,503 bytes
2 Dir(s) 9,315,418,112 bytes free

______________________________________________________________________







RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Angela\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Angela\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1776 'explorer.exe'
Killing PID 1776 'explorer.exe'
Killing PID 1776 'explorer.exe'
Killing PID 1776 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1556 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (140 bytes security) (deflated 72%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 74%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: report.txt (140 bytes security) (deflated 78%)
adding: test.txt (140 bytes security) (deflated 84%)
adding: test2.txt (140 bytes security) (deflated 50%)
adding: test3.txt (140 bytes security) (deflated 50%)
adding: test5.txt (140 bytes security) (deflated 50%)
adding: backregs/shell.reg (140 bytes security) (deflated 72%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"
Warning (option /rge) - There is no ACE to remove!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\H323TSP]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h40q0ed5eh0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
07.06.2005, 00:09
Honorary member
Sabina

Posts: 29434
#4
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Panda is still running, but it has already found 10 files.
__________
Regards, Sabina

All about PC security
07.06.2005, 01:39
Honorary member
Sabina

Posts: 29434
#5 Hello @BlueAngel200

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

• KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

Paste in (I hope the path is correct) ;)

C:\MyFunCardsFWBInitialSetup1.0.0.8[1].cab

• Tick "Delete File on Reboot"

and click the red cross;
when asked "Do you want to reboot?" ----> click "yes"

Restart the PC

Please run the whole thing (L2MFIX) once more, but this time please post everything. The PC is/was completely infested and I have to see whether the tool deletes things or whether you have to delete them manually... so please do it all once more.
__________
Regards, Sabina

All about PC security
07.06.2005, 20:23
...new here

Thread starter

Posts: 7
#6 Okay, I have done everything you said. Yesterday, though, nothing worked at all any more. I tried to delete viruses with a program, and after the reboot it first gave me "Access denied" for my account, and when it finally did work, IE kept opening by itself, over and over, with confusing pages. We did a system recovery to the state at the beginning of the month, and starting from there I have now followed all your instructions. So here are the reports.

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\kt28l7fu1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{49690D94-04F2-5F83-E517-8901FE3E8941}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{A9373222-2934-4852-9BDB-1328E3E4ABAB}"=""
"{C31B36DB-6332-440B-A12F-465CE6B06E6C}"=""
"{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}"=""
"{2F116526-4361-476E-A6F5-B0DC5ED31D5C}"=""
"{216DCBDA-A5D9-490F-8102-4FD10999AA57}"=""
"{346F3D22-0C4D-41D2-AF17-87606258A222}"=""
"{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}"=""
"{061BFF0D-2618-4C6C-AA78-9064F55A6C73}"=""
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{5464D816-CF16-4784-B9F3-75C0DB52B499}"="Yahoo! Mail"
"{785E39BF-3A7A-4E70-AD07-379E976F94DD}"=""
"{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}"=""
"{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}"=""
"{2BD8E89F-A902-4BFA-A377-3933CD38A04A}"=""
"{D52CC0C0-A183-448E-9F69-E2BC96502DE3}"=""
"{359D04D9-FD1F-4606-981B-448CD85AB6CC}"=""
"{0AF9B593-43D4-4398-A195-A976D8EC3833}"=""
"{ED76051A-ADFC-463F-A632-4E350A1BD4EA}"=""
"{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}"=""
"{CE69A826-2E69-4514-85BF-D20601885770}"=""
"{614478F8-69CD-4397-983D-EBC674E62C97}"=""
"{53C464BF-3DB5-4241-8C94-346993301C5F}"=""
"{46D84907-CF5A-4894-8B9F-BBDEEF160637}"=""
"{7EFA76E4-36C5-4C19-8A1D-C373619F250E}"=""
"{1567430D-35EA-4726-88AD-5011044B7995}"=""
"{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}"=""
"{75AF8F87-079B-46C8-A445-6F9FD3925005}"=""
"{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}"=""
"{2692FDEC-526F-4178-8617-E66CACB8E8C4}"=""
"{7B52D779-9D0E-4720-9CF9-75DCB1E57449}"=""
"{6DBD7268-B392-496D-AA31-CF94ED34F776}"=""
"{C7B142D1-112D-4B60-BD18-13C78EF2845D}"=""
"{5D04164D-A610-4CB8-8901-B0A0A0689D83}"=""
"{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}"=""
"{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}"=""
"{91295406-F1FD-4429-9314-F77263D15660}"=""
"{1A275532-22FB-4017-AE5A-50CD2B334153}"=""
"{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}"=""
"{DFAF3108-9061-4925-B134-942DB14FBF78}"=""
"{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}"=""
"{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}"=""
"{B3F17340-9166-4272-B946-F91DE63A782E}"=""
"{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}"=""
"{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}]
@=""
"IDEx"="BM2"

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9373222-2934-4852-9BDB-1328E3E4ABAB}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxdxmlc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C31B36DB-6332-440B-A12F-465CE6B06E6C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1406B6DB-1DD3-4C9A-82AE-FCC325A9A2AA}\InprocServer32]
@="C:\\WINDOWS\\system32\\pKutoenr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2F116526-4361-476E-A6F5-B0DC5ED31D5C}\InprocServer32]
@="C:\\WINDOWS\\system32\\wedconns.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{216DCBDA-A5D9-490F-8102-4FD10999AA57}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{346F3D22-0C4D-41D2-AF17-87606258A222}\InprocServer32]
@="C:\\WINDOWS\\system32\\wlsdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{628BB7CA-5CFB-4F46-AE81-DA6BD9455D00}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcadss.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{061BFF0D-2618-4C6C-AA78-9064F55A6C73}\InprocServer32]
@="C:\\WINDOWS\\system32\\skcurity.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{785E39BF-3A7A-4E70-AD07-379E976F94DD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgdimap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF1DCB70-2191-4660-BB70-D8154FF3E2EE}\InprocServer32]
@="C:\\WINDOWS\\system32\\fosdrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{80133EDF-AF85-4F1C-9E26-F1F8333E74BD}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvidctl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2BD8E89F-A902-4BFA-A377-3933CD38A04A}\InprocServer32]
@="C:\\WINDOWS\\system32\\ssorage.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D52CC0C0-A183-448E-9F69-E2BC96502DE3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mK28lafu1d28.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{359D04D9-FD1F-4606-981B-448CD85AB6CC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxsign32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0AF9B593-43D4-4398-A195-A976D8EC3833}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxxmlr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ED76051A-ADFC-463F-A632-4E350A1BD4EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\wid_ci.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{00F60C95-0B4A-4ADC-AF26-5260366EB6B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\shmpapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE69A826-2E69-4514-85BF-D20601885770}\InprocServer32]
@="C:\\WINDOWS\\system32\\svrstr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{614478F8-69CD-4397-983D-EBC674E62C97}\InprocServer32]
@="C:\\WINDOWS\\system32\\skoolss.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{53C464BF-3DB5-4241-8C94-346993301C5F}\InprocServer32]
@="C:\\WINDOWS\\system32\\tlpelib.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46D84907-CF5A-4894-8B9F-BBDEEF160637}\InprocServer32]
@="C:\\WINDOWS\\system32\\fDultrep.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7EFA76E4-36C5-4C19-8A1D-C373619F250E}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxprop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1567430D-35EA-4726-88AD-5011044B7995}\InprocServer32]
@="C:\\WINDOWS\\system32\\ipakeng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F37FCA-6E16-41F2-AE10-5B36AE1AF3FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\sjcfiles.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75AF8F87-079B-46C8-A445-6F9FD3925005}\InprocServer32]
@="C:\\WINDOWS\\system32\\krdhept.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6CC28A9A-DB6D-4A06-A6DC-F4CE7E3D4BBD}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2692FDEC-526F-4178-8617-E66CACB8E8C4}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkskmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B52D779-9D0E-4720-9CF9-75DCB1E57449}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqrepl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DBD7268-B392-496D-AA31-CF94ED34F776}\InprocServer32]
@="C:\\WINDOWS\\system32\\MEC71CHT.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7B142D1-112D-4B60-BD18-13C78EF2845D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwltus40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D04164D-A610-4CB8-8901-B0A0A0689D83}\InprocServer32]
@="C:\\WINDOWS\\system32\\myxml3a.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{643C23A8-0B62-4FB9-BDFE-8FAE438687A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\ciiconfg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{005A89C2-AE24-4C65-91E4-1A30DA75F9A3}\InprocServer32]
@="C:\\WINDOWS\\system32\\fzst30.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91295406-F1FD-4429-9314-F77263D15660}\InprocServer32]
@="C:\\WINDOWS\\system32\\rdcrt4.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A275532-22FB-4017-AE5A-50CD2B334153}\InprocServer32]
@="C:\\WINDOWS\\system32\\miw3prt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AC9FCC1E-6B2C-4868-AC54-C9845C123C23}\InprocServer32]
@="C:\\WINDOWS\\system32\\sylwoa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DFAF3108-9061-4925-B134-942DB14FBF78}\InprocServer32]
@="C:\\WINDOWS\\system32\\sobiop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0719A2-8AE6-42AF-8A84-1FDB00F49F9F}\InprocServer32]
@="C:\\WINDOWS\\system32\\denmpntw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAB6FEAD-BDE1-49A2-868A-EA32808F1FC4}\InprocServer32]
@="C:\\WINDOWS\\system32\\pnwrprof.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3F17340-9166-4272-B946-F91DE63A782E}\InprocServer32]
@="C:\\WINDOWS\\system32\\izfxres.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{99D62578-E4ED-44D7-91CF-ACDF7B5FE7C4}\InprocServer32]
@="C:\\WINDOWS\\system32\\ikfxres.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6C3CAE9F-ABDE-4054-BAEC-5E7AA2B258C4}\InprocServer32]
@="C:\\WINDOWS\\system32\\aului.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aului.dll Tue Jun 7 2005 12:25:46p ..S.R 232,896 227.44 K
browseui.dll Thu Mar 10 2005 3:02:34a A.... 1,016,832 993.00 K
cdfview.dll Thu Mar 10 2005 3:02:34a A.... 151,040 147.50 K
ciiconfg.dll Sun May 29 2005 11:14:36a ..S.R 232,896 227.44 K
denmpntw.dll Wed Jun 1 2005 9:30:38a ..S.R 232,896 227.44 K
dkskmon.dll Sat May 21 2005 9:29:26p ..S.R 234,695 229.19 K
dxprop.dll Tue May 17 2005 12:01:42p ..S.R 235,218 229.70 K
f4j2le~1.dll Fri May 27 2005 1:50:08a ..S.R 235,218 229.70 K
fdultrep.dll Mon May 16 2005 10:22:36a ..S.R 234,695 229.19 K
fosdrv.dll Sun May 8 2005 2:17:30p ..S.R 234,695 229.19 K
fzst30.dll Fri May 27 2005 2:53:20p ..S.R 232,896 227.44 K
gp0ul3~1.dll Sat May 7 2005 11:07:08a ..S.R 235,115 229.60 K
hrj205~1.dll Sun Apr 10 2005 11:50:12a ..S.R 234,680 229.18 K
hrj605~1.dll Fri May 27 2005 2:53:20p ..S.R 233,511 228.04 K
iepeers.dll Thu Mar 10 2005 3:02:34a A.... 250,880 245.00 K
ikfxres.dll Tue Jun 7 2005 11:25:44a ..S.R 234,272 228.78 K
inseng.dll Thu Mar 10 2005 3:02:34a A.... 96,256 94.00 K
ipakeng.dll Wed May 18 2005 10:20:22a ..S.R 234,695 229.19 K
izfxres.dll Mon Jun 6 2005 10:03:46p ..S.R 232,896 227.44 K
jtl607~1.dll Tue Apr 5 2005 6:36:30p ..S.R 234,747 229.24 K
krdhept.dll Fri May 20 2005 12:17:52p ..S.R 234,695 229.19 K
kt28l7~1.dll Mon Jun 6 2005 10:45:46p ..S.R 232,896 227.44 K
ktlul7~1.dll Thu Apr 7 2005 11:15:36a ..S.R 233,248 227.78 K
l0l6la~1.dll Tue Jun 7 2005 12:23:50p ..S.R 234,272 228.78 K
lt0027~1.dll Wed Jun 1 2005 9:37:40a ..S.R 232,896 227.44 K
m028la~1.dll Sat Apr 9 2005 5:04:00p ..S.R 233,248 227.78 K
mec71cht.dll Tue May 24 2005 10:58:02a ..S.R 235,218 229.70 K
mfimg32.dll Mon Jun 6 2005 9:17:34p ..... 234,272 228.78 K
mgdimap.dll Mon May 2 2005 11:41:32a ..S.R 235,115 229.60 K
miw3prt.dll Mon May 30 2005 11:35:12a ..S.R 232,896 227.44 K
mjvidctl.dll Mon May 9 2005 11:10:18a ..S.R 234,695 229.19 K
mk28la~1.dll Tue May 10 2005 2:21:16p ..S.R 234,695 229.19 K
mqrepl40.dll Mon May 23 2005 12:20:12p ..S.R 234,695 229.19 K
mshtml.dll Thu Mar 10 2005 3:02:34a A.... 3,010,560 2.87 M
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msihnd.dll Mon Mar 21 2005 3:00:22p A.... 271,360 265.00 K
msimsg.dll Mon Mar 21 2005 3:00:22p A.... 884,736 864.00 K
msisip.dll Mon Mar 21 2005 3:00:22p A.... 15,360 15.00 K
msrating.dll Thu Mar 10 2005 3:02:34a A.... 146,432 143.00 K
mv20l9~1.dll Tue Apr 12 2005 8:19:32a ..S.R 234,680 229.18 K
mwltus40.dll Wed May 25 2005 10:11:18a ..S.R 234,996 229.49 K
mxsign32.dll Wed May 11 2005 11:20:46a ..S.R 234,695 229.19 K
mxxmlr.dll Thu May 12 2005 11:25:18a ..S.R 234,695 229.19 K
myxml3a.dll Thu May 26 2005 8:43:08p ..S.R 235,218 229.70 K
pnwrprof.dll Wed Jun 1 2005 10:04:04a ..S.R 232,896 227.44 K
rdcrt4.dll Sat May 28 2005 11:42:48p ..S.R 232,896 227.44 K
shdocvw.dll Thu Mar 10 2005 3:02:34a A.... 1,483,264 1.41 M
shlwapi.dll Thu Mar 10 2005 3:02:34a A.... 473,600 462.50 K
shmpapi.dll Sat May 14 2005 10:43:06a ..S.R 234,695 229.19 K
sjcfiles.dll Thu May 19 2005 9:53:38a ..S.R 235,218 229.70 K
skcurity.dll Mon Apr 25 2005 8:57:38p ..S.R 234,680 229.18 K
skoolss.dll Sun May 15 2005 12:35:54p ..S.R 234,695 229.19 K
sobiop.dll Tue May 31 2005 10:12:36p ..S.R 232,896 227.44 K
spmsg.dll Wed May 4 2005 2:45:26p ..... 13,536 13.22 K
ssorage.dll Tue May 10 2005 9:36:38a ..S.R 234,695 229.19 K
svrstr.dll Sat May 14 2005 10:26:06p ..S.R 234,695 229.19 K
sylwoa.dll Tue May 31 2005 8:30:10a ..S.R 232,896 227.44 K
tlpelib.dll Sun May 15 2005 3:09:56p ..S.R 235,218 229.70 K
urlmon.dll Thu Mar 10 2005 3:02:36a A.... 607,744 593.50 K
wcadss.dll Wed Apr 20 2005 10:07:54p ..S.R 234,680 229.18 K
wedconns.dll Sat Apr 9 2005 4:31:56p ..S.R 233,248 227.78 K
wid_ci.dll Fri May 13 2005 10:33:12a ..S.R 234,695 229.19 K
wininet.dll Thu Mar 10 2005 3:02:36a A.... 656,896 641.50 K
wlsdmoe2.dll Fri Apr 15 2005 3:48:24p ..S.R 234,680 229.18 K

64 items found: 64 files (48 H/S), 0 directories.
Total of file sizes: 23,444,665 bytes 22.36 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is HP_PAVILION
Volume Serial Number is 28FB-76ED

Directory of C:\WINDOWS\System32

06/07/2005 12:25 PM 232,896 aului.dll
06/07/2005 12:23 PM 234,272 l0l6la3s1d.dll
06/07/2005 11:25 AM 234,272 ikfxres.dll
06/06/2005 10:45 PM 232,896 kt28l7fu1.dll
06/06/2005 10:03 PM 232,896 izfxres.dll
06/01/2005 10:04 AM 232,896 pnwrprof.dll
06/01/2005 09:37 AM 232,896 lt0027dmg.dll
06/01/2005 09:30 AM 232,896 denmpntw.dll
05/31/2005 10:12 PM 232,896 sobiop.dll
05/31/2005 08:30 AM 232,896 sylwoa.dll
05/30/2005 11:35 AM 232,896 miw3prt.dll
05/29/2005 11:14 AM 232,896 ciiconfg.dll
05/28/2005 11:42 PM 232,896 rdcrt4.dll
05/27/2005 02:53 PM 232,896 fzst30.dll
05/27/2005 02:53 PM 233,511 hrj6051se.dll
05/27/2005 01:50 AM 235,218 f4j2le1o1h.dll
05/26/2005 08:43 PM 235,218 myxml3a.dll
05/25/2005 10:11 AM 234,996 mwltus40.dll
05/24/2005 10:58 AM 235,218 MEC71CHT.DLL
05/23/2005 12:20 PM 234,695 mqrepl40.dll
05/21/2005 09:29 PM 234,695 dkskmon.dll
05/20/2005 12:17 PM 234,695 krdhept.dll
05/19/2005 09:53 AM 235,218 sjcfiles.dll
05/19/2005 12:16 AM <DIR> dllcache
05/18/2005 10:20 AM 234,695 ipakeng.dll
05/17/2005 12:01 PM 235,218 dxprop.dll
05/16/2005 10:22 AM 234,695 fDultrep.dll
05/15/2005 03:09 PM 235,218 tlpelib.dll
05/15/2005 12:35 PM 234,695 skoolss.dll
05/14/2005 10:26 PM 234,695 svrstr.dll
05/14/2005 10:43 AM 234,695 shmpapi.dll
05/13/2005 10:33 AM 234,695 wid_ci.dll
05/12/2005 11:25 AM 234,695 mxxmlr.dll
05/11/2005 11:20 AM 234,695 mxsign32.dll
05/10/2005 02:21 PM 234,695 mK28lafu1d28.dll
05/10/2005 09:36 AM 234,695 ssorage.dll
05/09/2005 11:10 AM 234,695 mjvidctl.dll
05/08/2005 02:17 PM 234,695 fosdrv.dll
05/07/2005 11:07 AM 235,115 gp0ul3d91.dll
05/02/2005 11:41 AM 235,115 mgdimap.dll
04/25/2005 08:57 PM 234,680 skcurity.dll
04/20/2005 10:07 PM 234,680 wcadss.dll
04/15/2005 03:48 PM 234,680 wlsdmoe2.dll
04/12/2005 08:19 AM 234,680 mv20l9fm1.dll
04/10/2005 11:50 AM 234,680 hrj2051oe.dll
04/09/2005 05:03 PM 233,248 m028lafu1d28.dll
04/09/2005 04:31 PM 233,248 wedconns.dll
04/07/2005 11:15 AM 233,248 ktlul7391.dll
04/05/2005 06:36 PM 234,747 jtl6073se.dll
01/18/2005 05:00 PM 56 245ED74026.sys
01/18/2005 05:00 PM 1,682 KGyGaAvL.sys
08/11/2004 08:15 PM <DIR> Microsoft
50 File(s) 11,243,395 bytes
2 Dir(s) 10,565,603,328 bytes free

And here is the 2nd report

L2Mfix 1.02b

Running From:
C:\DOCUME~1\Angela\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Everyone
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\Angela\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\Angela\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'
Killing PID 896 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 320 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (140 bytes security) (deflated 72%)
adding: echo.reg (140 bytes security) (deflated 9%)
adding: direct.txt (140 bytes security) (stored 0%)
adding: lo2.txt (140 bytes security) (deflated 74%)
adding: readme.txt (140 bytes security) (deflated 49%)
adding: report.txt (140 bytes security) (deflated 78%)
adding: test.txt (140 bytes security) (deflated 83%)
adding: test2.txt (140 bytes security) (deflated 50%)
adding: test3.txt (140 bytes security) (deflated 50%)
adding: test5.txt (140 bytes security) (deflated 50%)
adding: backregs/shell.reg (140 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"
Warning (option /rge) - There is no ACE to remove!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l0l6la3s1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
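The Winlogon Notify export in the log above stores several DllName values as hex(2) data, so the DLL behind a package is not readable at a glance. The following Python code is an added example (not part of the original thread and not l2mfix's own code) that decodes such an export and lists the Notify packages whose DLL is not on an allowlist; the sample is an excerpt of the export above, and `BASELINE` and the function names are assumptions made for the example.

```python
import ntpath
import re

# Assumption: allowlist taken from the other DllName values in the export above.
# Replace it with the Notify DLLs of a known-clean machine of the same build.
BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "igfxsrvc.dll",
            "sclgntfy.dll", "wlnotify.dll"}

# Excerpt of the export posted above (four of its subkeys), embedded for offline use.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l0l6la3s1d.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logon"="TSEventLogon"
'''


def decode_value(raw):
    """Decode one right-hand side of a 'Version 5.00' .reg value line."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # Quoted string: backslashes and quotes are backslash-escaped.
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.fullmatch(r"hex\(([0-9a-fA-F]+)\):(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2"):
            # REG_SZ / REG_EXPAND_SZ are UTF-16LE with a trailing NUL in 5.00 exports.
            return data.decode("utf-16-le").rstrip("\x00")
        return data
    return raw


def parse_notify(reg_text):
    """Return {package name: {lower-cased value name: decoded value}}."""
    # Join hex data that regedit wraps with a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    packages, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            parent, _, name = key.group(1).rpartition("\\")
            current = None
            # Only direct children of ...\Winlogon\Notify are notification packages.
            if parent.lower().endswith(r"\winlogon\notify"):
                current = packages.setdefault(name, {})
            continue
        val = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if val and current is not None:
            # Value names are case-insensitive ("DllName" and "DLLName" both occur).
            current[val.group(1).lower()] = decode_value(val.group(2))
    return packages


def audit_notify(reg_text, baseline=BASELINE):
    """List (package, DllName, reason) for packages that need a closer look."""
    findings = []
    for name, values in parse_notify(reg_text).items():
        dll = values.get("dllname")
        if not isinstance(dll, str):
            findings.append((name, None, "no DllName value"))
        elif ntpath.basename(dll).lower() not in baseline:
            findings.append((name, dll, "DLL not in baseline"))
    return findings


if __name__ == "__main__":
    for package, dll, reason in audit_notify(SAMPLE_EXPORT):
        print(f"{package}: {dll} ({reason})")
```

A hit only means the DLL is unknown to the allowlist; the file itself still has to be checked before anything is deleted.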
07.06.2005, 23:33
Honorary member
Sabina

Posts: 29434
#7 You should do a System Restore to a point before 04/05/2005 (the time of the infection)

-----------------------------------------------------------------------------

•KillBox

http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

and click the red cross.
When asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only for the last one


C:\WINDOWS\System32\aului.dll
C:\WINDOWS\System32\l0l6la3s1d.dll
C:\WINDOWS\System32\ikfxres.dll
C:\WINDOWS\System32\kt28l7fu1.dll
C:\WINDOWS\System32\izfxres.dll
C:\WINDOWS\System32\pnwrprof.dll
C:\WINDOWS\System32\lt0027dmg.dll
C:\WINDOWS\System32\denmpntw.dll
C:\WINDOWS\System32\sobiop.dll
C:\WINDOWS\System32\sylwoa.dll
C:\WINDOWS\System32\miw3prt.dll
C:\WINDOWS\System32\ciiconfg.dll
C:\WINDOWS\System32\rdcrt4.dll
C:\WINDOWS\System32\fzst30.dll
C:\WINDOWS\System32\hrj6051se.dll
C:\WINDOWS\System32\f4j2le1o1h.dll
C:\WINDOWS\System32\myxml3a.dll
C:\WINDOWS\System32\mwltus40.dll
C:\WINDOWS\System32\MEC71CHT.DLL
C:\WINDOWS\System32\mqrepl40.dll
C:\WINDOWS\System32\dkskmon.dll
C:\WINDOWS\System32\krdhept.dll
C:\WINDOWS\System32\sjcfiles.dll
C:\WINDOWS\System32\ipakeng.dll
C:\WINDOWS\System32\dxprop.dll
C:\WINDOWS\System32\fDultrep.dll
C:\WINDOWS\System32\tlpelib.dll
C:\WINDOWS\System32\skoolss.dll
C:\WINDOWS\System32\svrstr.dll
C:\WINDOWS\System32\shmpapi.dll
C:\WINDOWS\System32\wid_ci.dll
C:\WINDOWS\System32\mxxmlr.dll
C:\WINDOWS\System32\mxsign32.dll
C:\WINDOWS\System32\mK28lafu1d28.dll
C:\WINDOWS\System32\ssorage.dll
C:\WINDOWS\System32\mjvidctl.dll
C:\WINDOWS\System32\fosdrv.dll
C:\WINDOWS\System32\gp0ul3d91.dll
C:\WINDOWS\System32\mgdimap.dll
C:\WINDOWS\System32\skcurity.dll
C:\WINDOWS\System32\wcadss.dll
C:\WINDOWS\System32\wlsdmoe2.dll
C:\WINDOWS\System32\mv20l9fm1.dll
C:\WINDOWS\System32\hrj2051oe.dll
C:\WINDOWS\System32\m028lafu1d28.dll
C:\WINDOWS\System32\wedconns.dll
C:\WINDOWS\System32\ktlul7391.dll
C:\WINDOWS\System32\jtl6073se.dll

Restart the PC


(if KillBox does not delete them --> delete everything manually in Safe Mode)

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html



•AdAware-VX2
#Ad-aware SE Personal 1.05 Updated
http://virus-protect.org/adaware.html
http://fileforum.betanews.com/detail/965718306/1
AdAware-VX2 Cleaner
# Close Ad-Aware (if it is currently running)
# Download the VX2 Cleaner here
http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
# Install the VX2 Cleaner
# Start Ad-Aware
# Switch to Add-ons
# Click the VX2 Cleaner add-on and click Run Tool
# If your computer is not infected, click Close
# If your computer is infected, click Clean System
# Restart
# Scan your computer with Ad-Aware
# Remove any VX2 objects found
# Restart
# Scan your system again to make sure that all files have been removed from your system.
__________
Best regards, Sabina

All about PC security
08.06.2005, 01:20
...new here

Thread starter

Posts: 7
#8 Hello Sabina

OK, I have done everything except the repeated system recovery. Is it necessary to do that? If so, I will tell my boyfriend; he did it yesterday, and I have no idea how it works.

Unfortunately I also don't really know how to check whether these .dll files are still there. I just entered a few of them under Search and nothing was found on the system. Sorry, if they are still there after all, I also don't know how to get into Safe Mode and do it there :o( I'm really not very well versed in all this.

AdAware reported 4 infections to me, but apparently deleted them all. When I ran the Cleaner over it, it told me "clean".


But the site sportresults.com still pops up now and then.

Do you need logs from me again, or how should I proceed now?
08.06.2005, 14:17
Honorary member
Sabina

Posts: 29434
#9 Hello @BlueAngel200

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html



Please work through this :--> and post everything ;)
http://virus-protect.org/escan.html
__________
Best regards, Sabina

All about PC security
09.06.2005, 05:29
...new here

Thread starter

Posts: 7
#10 Hello Sabina,


all done.....around 225 viruses!!!! Man, and that after everything I have already done?! Help!

Here is the report



--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

Wed Jun 08 21:13:24 2005 => Scanning Folder: C:\Program Files\AVPersonal\INFECTED\*.*
Wed Jun 08 21:36:30 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Wed Jun 08 21:36:31 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

Wed Jun 08 20:56:57 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 20:56:58 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 21:00:04 2005 => File C:\WINDOWS\system32\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:00:13 2005 => File C:\WINDOWS\system32\mfimg32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:00:32 2005 => File C:\WINDOWS\system32\mxafd.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:00:38 2005 => File C:\WINDOWS\system32\o684lglq16qe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:03:35 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 21:03:36 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
Wed Jun 08 21:05:29 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe tagged as "not-a-virus:AdWare.Zestyfind". Action Taken: No Action Taken.
Wed Jun 08 21:05:37 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:05:38 2005 => File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
Wed Jun 08 21:36:39 2005 => File C:\Program Files\Online Services\AOL90CA\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Jun 08 21:37:07 2005 => File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Wed Jun 08 21:41:05 2005 => File C:\Program Files\Uninstall My Web Search.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.h". Action Taken: No Action Taken.
Wed Jun 08 21:42:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021605.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:21 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021617.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:21 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021621.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021625.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021640.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP107\A0021644.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP108\A0021657.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP108\A0021661.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021681.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021687.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021691.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:28 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP109\A0021695.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021725.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021729.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021737.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP111\A0021741.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP112\A0021753.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021757.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021763.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021770.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP113\A0021773.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:37 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021787.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021800.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP114\A0021801.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP117\A0021815.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:42:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP117\A0021817.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:10 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP121\A0022420.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:10 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP121\A0022422.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022468.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022469.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022481.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022482.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022500.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP122\A0022501.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022540.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:20 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022541.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:22 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022580.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022581.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022590.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022604.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:24 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP124\A0022605.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP125\A0022644.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP125\A0022645.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP126\A0022703.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP126\A0022704.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP127\A0022731.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP127\A0022732.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
Wed Jun 08 21:45:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP128\A0022752.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
65: 64: 63: Wed Jun 08 21:45:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP128\A0022753.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
66: 65: 64: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0022772.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
67: 66: 65: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0022773.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
68: 67: 66: Wed Jun 08 21:45:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP129\A0023772.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
69: 68: 67: Wed Jun 08 21:45:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023806.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
70: 69: 68: Wed Jun 08 21:45:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023850.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
71: 70: 69: Wed Jun 08 21:45:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP130\A0023865.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
72: 71: 70: Wed Jun 08 21:45:47 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP131\A0023891.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
73: 72: 71: Wed Jun 08 21:45:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP132\A0023908.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
74: 73: 72: Wed Jun 08 21:45:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP133\A0023922.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
75: 74: 73: Wed Jun 08 21:45:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023957.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
76: 75: 74: Wed Jun 08 21:45:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023972.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
77: 76: 75: Wed Jun 08 21:45:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023981.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
78: 77: 76: Wed Jun 08 21:45:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP134\A0023990.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
79: 78: 77: Wed Jun 08 21:45:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP135\A0024007.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
80: 79: 78: Wed Jun 08 21:46:00 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP136\A0024029.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
81: 80: 79: Wed Jun 08 21:46:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP137\A0024046.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
82: 81: 80: Wed Jun 08 21:46:04 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP139\A0024074.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
83: 82: 81: Wed Jun 08 21:46:05 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP139\A0024091.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
84: 83: 82: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024113.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
85: 84: 83: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024122.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
86: 85: 84: Wed Jun 08 21:46:07 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP140\A0024126.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
87: 86: 85: Wed Jun 08 21:46:09 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP141\A0024139.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
88: 87: 86: Wed Jun 08 21:46:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP142\A0024162.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
89: 88: 87: Wed Jun 08 21:46:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP142\A0024163.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
90: 89: 88: Wed Jun 08 21:46:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP143\A0024182.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
91: 90: 89: Wed Jun 08 21:46:13 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP143\A0024204.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
92: 91: 90: Wed Jun 08 21:46:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP145\A0024239.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
93: 92: 91: Wed Jun 08 21:46:23 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP146\A0024284.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
94: 93: 92: Wed Jun 08 21:46:27 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe tagged as not-a-virus:Effect.Win16.Sheep. No Action Taken.
95: 94: 93: Wed Jun 08 21:46:28 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP148\A0026293.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
96: 95: 94: Wed Jun 08 21:46:29 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP148\A0026299.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
97: 96: 95: Wed Jun 08 21:46:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP149\A0026331.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
98: 97: 96: Wed Jun 08 21:46:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP149\A0026352.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
99: 98: 97: Wed Jun 08 21:46:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026370.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
100: 99: 98: Wed Jun 08 21:46:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026379.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
101: 100: 99: Wed Jun 08 21:46:35 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP150\A0026390.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
102: 101: 100: Wed Jun 08 21:46:37 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP151\A0026412.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
103: 102: 101: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026440.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
104: 103: 102: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026450.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
105: 104: 103: Wed Jun 08 21:46:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026459.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
106: 105: 104: Wed Jun 08 21:46:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0026466.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
107: 106: 105: Wed Jun 08 21:46:43 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP152\A0027462.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
108: 107: 106: Wed Jun 08 21:47:25 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP153\A0027689.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
109: 108: 107: Wed Jun 08 21:47:31 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP154\A0027718.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
110: 109: 108: Wed Jun 08 21:47:32 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP154\A0027727.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
111: 110: 109: Wed Jun 08 21:47:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP155\A0027747.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
112: 111: 110: Wed Jun 08 21:47:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP155\A0027756.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
113: 112: 111: Wed Jun 08 21:47:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027780.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
114: 113: 112: Wed Jun 08 21:47:36 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027781.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
115: 114: 113: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027832.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
116: 115: 114: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027845.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
117: 116: 115: Wed Jun 08 21:47:48 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
118: 117: 116: Wed Jun 08 21:49:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028090.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
119: 118: 117: Wed Jun 08 21:49:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028150.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
120: 119: 118: Wed Jun 08 21:49:26 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028155.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
121: 120: 119: Wed Jun 08 21:49:33 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028180.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
122: 121: 120: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028181.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
123: 122: 121: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028182.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
124: 123: 122: Wed Jun 08 21:49:34 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP157\A0028184.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
125: 124: 123: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030213.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
126: 125: 124: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030214.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
127: 126: 125: Wed Jun 08 21:49:38 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030218.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
128: 127: 126: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030219.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
129: 128: 127: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030226.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
130: 129: 128: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030228.exe tagged as "not-a-virus:AdWare.Zestyfind". Action Taken: No Action Taken.
131: 130: 129: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030229.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
132: 131: 130: Wed Jun 08 21:49:39 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030230.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
133: 132: 131: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030231.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
134: 133: 132: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030232.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
135: 134: 133: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030233.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
136: 135: 134: Wed Jun 08 21:49:40 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030235.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
137: 136: 135: Wed Jun 08 21:49:41 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030236.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
138: 137: 136: Wed Jun 08 21:50:04 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030332.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
139: 138: 137: Wed Jun 08 21:50:05 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030333.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
140: 139: 138: Wed Jun 08 21:50:11 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
141: 140: 139: Wed Jun 08 21:50:14 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030448.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
142: 141: 140: Wed Jun 08 21:50:15 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
143: 142: 141: Wed Jun 08 21:50:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
144: 143: 142: Wed Jun 08 21:50:16 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030461.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
145: 144: 143: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030471.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
146: 145: 144: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030474.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
147: 146: 145: Wed Jun 08 21:50:17 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030475.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
148: 147: 146: Wed Jun 08 21:50:24 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030506.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
149: 148: 147: Wed Jun 08 21:50:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030679.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
150: 149: 148: Wed Jun 08 21:50:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030683.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
151: 150: 149: Wed Jun 08 21:50:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030685.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
152: 151: 150: Wed Jun 08 21:51:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030723.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
153: 152: 151: Wed Jun 08 21:51:02 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030742.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
154: 153: 152: Wed Jun 08 21:52:45 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031073.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
155: 154: 153: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031086.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
156: 155: 154: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031091.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
157: 156: 155: Wed Jun 08 21:52:46 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
158: 157: 156: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031113.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
159: 158: 157: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031114.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
160: 159: 158: Wed Jun 08 21:52:49 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031115.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
161: 160: 159: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031116.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
162: 161: 160: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031117.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
163: 162: 161: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031118.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
164: 163: 162: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031119.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
165: 164: 163: Wed Jun 08 21:52:50 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031120.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
166: 165: 164: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031121.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
167: 166: 165: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031122.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
168: 167: 166: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031123.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
169: 168: 167: Wed Jun 08 21:52:51 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031124.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
170: 169: 168: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031125.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
171: 170: 169: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031126.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
172: 171: 170: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031127.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
173: 172: 171: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031128.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
174: 173: 172: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031129.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
175: 174: 173: Wed Jun 08 21:52:52 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031130.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
176: 175: 174: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031131.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
177: 176: 175: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031132.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
178: 177: 176: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031133.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
179: 178: 177: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031134.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
180: 179: 178: Wed Jun 08 21:52:53 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031135.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
181: 180: 179: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031136.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
182: 181: 180: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031137.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
183: 182: 181: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031138.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
184: 183: 182: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031139.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
185: 184: 183: Wed Jun 08 21:52:54 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031140.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
186: 185: 184: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031141.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
187: 186: 185: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031142.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
188: 187: 186: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031143.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
189: 188: 187: Wed Jun 08 21:52:55 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031144.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
190: 189: 188: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031145.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
191: 190: 189: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031146.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
192: 191: 190: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031147.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
193: 192: 191: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031148.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
194: 193: 192: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031149.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
195: 194: 193: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031150.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
196: 195: 194: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031151.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
197: 196: 195: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031152.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
198: 197: 196: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031153.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
199: 198: 197: Wed Jun 08 21:52:57 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031154.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
200: 199: 198: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031155.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
201: 200: 199: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031156.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
202: 201: 200: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031157.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
203: 202: 201: Wed Jun 08 21:52:58 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031158.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
204: 203: 202: Wed Jun 08 21:52:59 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031170.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
205: 204: 203: Wed Jun 08 21:52:59 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031183.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
206: 205: 204: Wed Jun 08 21:53:00 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031184.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
207: 206: 205: Wed Jun 08 21:53:01 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032183.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
208: 207: 206: Wed Jun 08 21:53:06 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032232.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
209: 208: 207: Wed Jun 08 21:53:06 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP160\A0032233.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
210: 209: 208: Wed Jun 08 21:54:37 2005 => File C:\WINDOWS\Downloaded Program Files\popcaploader.dll tagged as not-a-virus:Downloader.Win32.PopCap.b. No Action Taken.
211: 210: 209: Wed Jun 08 22:01:38 2005 => File C:\WINDOWS\system\UpdInst.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
212: 211: 210: Wed Jun 08 22:07:40 2005 => File C:\WINDOWS\system32\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
213: 212: 211: Wed Jun 08 22:07:53 2005 => File C:\WINDOWS\system32\mfimg32.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
214: 213: 212: Wed Jun 08 22:08:13 2005 => File C:\WINDOWS\system32\mxafd.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
215: 214: 213: Wed Jun 08 22:08:20 2005 => File C:\WINDOWS\system32\o684lglq16qe.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
216: 215: 1: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20.
217: 216: 2: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20.
218: 217: 10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot.
219: 218: 11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot.
220: 219: 12: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe => tagged:Effect.Win16.Sheep.
221: 220: 13: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe => tagged:Tool.Win32.Processor.20.
222: 221: 14: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe => tagged:Tool.Win32.Processor.20.
223: 222: 15: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe => tagged:Tool.Win32.Processor.20.
224: 223: 16: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe => tagged:Tool.Win32.Processor.20.
225: 224: 17: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe => tagged:Tool.Win32.Processor.20.
226: 225: 18: C:\WINDOWS\Downloaded Program Files\popcaploader.dll => tagged:Downloader.Win32.PopCap.b.
227: 8: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20.
228: 9: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20.
229: 10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot.
230: 11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot.
231: 12: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP147\A0025308.exe => tagged:Effect.Win16.Sheep.
232: 13: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP156\A0027853.exe => tagged:Tool.Win32.Processor.20.
233: 14: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030395.exe => tagged:Tool.Win32.Processor.20.
234: 15: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030456.exe => tagged:Tool.Win32.Processor.20.
235: 16: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP158\A0030460.exe => tagged:Tool.Win32.Processor.20.
236: 17: C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031095.exe => tagged:Tool.Win32.Processor.20.
237: 18: C:\WINDOWS\Downloaded Program Files\popcaploader.dll => tagged:Downloader.Win32.PopCap.b.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: 1: 1: Wed Jun 08 20:56:21 2005 => ERROR!!! Invalid Entry {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
2: 2: 2: Wed Jun 08 20:56:21 2005 => ERROR!!! Invalid Entry {E46D65EC-24E0-4D66-9EE9-27B26B447E80} = C:\WINDOWS\system32\mhrddm.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
3: 3: 3: Wed Jun 08 20:56:24 2005 => ERROR!!! Invalid Entry VTTimer = VTTimer.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
4: 4: 4: Wed Jun 08 20:57:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken.
5: 5: 5: Wed Jun 08 20:57:27 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken.
6: 6: 6: Wed Jun 08 20:57:31 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\hpqimgrc.resources.dll". Action Taken: No Action Taken.
7: 7: 7: Wed Jun 08 20:57:37 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\DIMM.DLL". Action Taken: No Action Taken.
8: 8: 8: Wed Jun 08 20:57:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\Default.rul". Action Taken: No Action Taken.
9: 9: 9: Wed Jun 08 20:57:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
10: 10: 10: Wed Jun 08 20:57:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken.
11: 11: 11: Wed Jun 08 20:57:42 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken.
12: 12: 12: Wed Jun 08 20:57:54 2005 => Entry "HKCR\CLSID\{5464D816-CF16-4784-B9F3-75C0DB52B499}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken.
13: 13: 13: Wed Jun 08 20:57:55 2005 => Entry "HKCR\CLSID\{5BC209ED-276E-4C42-8D77-0D1713605757}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\QPAS4.OCX". Action Taken: No Action Taken.
14: 14: 14: Wed Jun 08 20:57:57 2005 => Entry "HKCR\CLSID\{6B180C18-F1F2-466D-8C9B-9E8746597BF5}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\PAS4.DLL". Action Taken: No Action Taken.
15: 15: 15: Wed Jun 08 20:58:01 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
16: 16: 16: Wed Jun 08 20:58:04 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
17: 17: 17: Wed Jun 08 20:58:04 2005 => Entry "HKCR\CLSID\{A17E30C4-A9BA-11D4-8673-60DB54C10000}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken.
18: 18: 18: Wed Jun 08 20:58:05 2005 => Entry "HKCR\CLSID\{AA218328-0EA8-4D70-8972-E987A9190FF4}" refers to invalid object "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll". Action Taken: No Action Taken.
19: 19: 19: Wed Jun 08 20:58:08 2005 => Entry "HKCR\CLSID\{C79C91A1-DB06-11D2-9E0C-00105A26F05D}" refers to invalid object "c:\PROGRA~1\Quicken\QWAPP.DLL". Action Taken: No Action Taken.
20: 20: 20: Wed Jun 08 20:58:10 2005 => Entry "HKCR\CLSID\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll". Action Taken: No Action Taken.
21: 21: 21: Wed Jun 08 20:58:11 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
22: 22: 22: Wed Jun 08 20:58:12 2005 => Entry "HKCR\CLSID\{E46D65EC-24E0-4D66-9EE9-27B26B447E80}" refers to invalid object "C:\WINDOWS\system32\mhrddm.dll". Action Taken: No Action Taken.
23: 23: 23: Wed Jun 08 20:58:12 2005 => Entry "HKCR\CLSID\{E8A52BE3-690C-4EB2-A0F2-83112532AA4B}" refers to invalid object "c:\PROGRA~1\Quicken\QSHOWH~1.DLL". Action Taken: No Action Taken.
24: 24: 24: Wed Jun 08 20:58:14 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
25: 25: 25: Wed Jun 08 20:58:15 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
26: 26: 26: Wed Jun 08 20:58:25 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
27: 27: 27: Wed Jun 08 20:58:25 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
28: 28: 28: Wed Jun 08 20:58:27 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
29: 29: 29: Wed Jun 08 20:58:27 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
30: 30: 30: Wed Jun 08 20:58:38 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
31: 31: 31: Wed Jun 08 20:58:38 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
32: 32: 32: Wed Jun 08 20:58:38 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
33: 33: 33: Wed Jun 08 20:58:44 2005 => Entry "HKCR\MyWebSearch.HTMLPanel" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken.
34: 34: 34: Wed Jun 08 20:58:44 2005 => Entry "HKCR\MyWebSearch.HTMLPanel.1" refers to invalid object "{3E720452-B472-4954-B7AA-33069EB53906}". Action Taken: No Action Taken.
35: 35: 35: Wed Jun 08 20:58:52 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
36: 36: 36: Wed Jun 08 20:58:55 2005 => Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
37: 37: 37: Wed Jun 08 20:58:55 2005 => Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
38: 38: 38: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned
39: 39: 39: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned
40: 40: 40: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned
41: 41: 41: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned
42: 42: 42: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned
43: 43: 43: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
44: 44: 44: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
45: 45: 45: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned
46: 46: 46: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned
47: 47: 47: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned
48: 48: 48: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip is Not Scanned
49: 49: 49: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip is Not Scanned
50: 50: 50: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip is Not Scanned
51: 51: 51: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip is Not Scanned
52: 52: 52: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip is Not Scanned
53: 53: 53: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip is Not Scanned
54: 54: 54: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip is Not Scanned
55: 55: 55: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip is Not Scanned
56: 56: 56: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip is Not Scanned
57: 57: 57: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip is Not Scanned
58: 58: 58: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip is Not Scanned
59: 59: 59: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip is Not Scanned
60: 60: 60: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip is Not Scanned
61: 61: 61: Wed Jun 08 21:02:34 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip is Not Scanned
62: 62: 62: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader.zip is Not Scanned
63: 63: 63: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader1.zip is Not Scanned
64: 64: 64: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean.zip is Not Scanned
65: 65: 65: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean1.zip is Not Scanned
66: 66: 66: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean2.zip is Not Scanned
67: 67: 67: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch.zip is Not Scanned
68: 68: 68: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch1.zip is Not Scanned
69: 69: 69: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch2.zip is Not Scanned
70: 70: 70: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch3.zip is Not Scanned
71: 71: 71: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip is Not Scanned
72: 72: 72: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip is Not Scanned
73: 73: 73: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip is Not Scanned
74: 74: 74: Wed Jun 08 21:02:35 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip is Not Scanned
75: 75: 75: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip is Not Scanned
76: 76: 76: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip is Not Scanned
77: 77: 77: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip is Not Scanned
78: 78: 78: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip is Not Scanned
79: 79: 79: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip is Not Scanned
80: 80: 80: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip is Not Scanned
81: 81: 81: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip is Not Scanned
82: 82: 82: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip is Not Scanned
83: 83: 83: Wed Jun 08 21:02:36 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent1.zip is Not Scanned

--------------------------------------------------
------------- FILES ADDED TO DELETE --------------
--------------------------------------------------

1: C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm => Exploit.HTML.Mht
2: C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip => Trojan.Java.ClassLoader.c
3: C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm => Exploit.HTML.Mht
4: C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip => Trojan.Java.ClassLoader.c
5: C:\Program Files\Norton AntiVirus
09.06.2005, 09:57
Honorary member
Sabina

Posts: 29434
#11 Disable System Restore --> then, after the cleanup, enable it again ;)
«XP
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

Delete with Killbox:

C:\WINDOWS\system32\ktj0l71m1.dll
C:\WINDOWS\system32\mfimg32.dll
C:\WINDOWS\system32\mxafd.dll
C:\WINDOWS\system32\o684lglq16qe.dll
C:\WINDOWS\system32\mhrddm.dll
C:\WINDOWS\Downloaded Program Files\BM2.dll
C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll
C:\Program Files\Uninstall My Web Search.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\system\UpdInst.exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe

Restart the PC.

Check whether everything has been deleted.


C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\6YW9GSND\AppWrap[1].exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\8P0DL0NM\upd203[1].exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\EIWBGMY5\AppWrap[1].exe

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html



#TuneUp2004 (free for 30 days)
http://virus-protect.org/reinigungstoolsregistry.html
Cleanup repair -->TuneUp Diskcleaner
Cleanup repair -->Registry Cleaner

Then scan again with eScan and report back ;)
__________
Best regards, Sabina

All about PC security
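
The triage behind the steps in reply #11, as an added example that is not part of the thread: it parses eScan detection lines in the formats shown in the logs on this page, groups them into System Restore copies, antivirus quarantine and live files, and compares two scans. The function names and the three category labels are assumptions; the sample lines are taken from, or constructed after, the logs above.

```python
import re
from collections import defaultdict

# Matches the three detection formats seen in the eScan logs on this page,
# with any number of stacked "N: " prefixes left over from re-pasting.
LINE_RE = re.compile(
    r'^(?:\d+:\s+)*'
    r'(?P<time>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) => '
    r'File (?P<path>.+?) '
    r'(?P<verb>tagged as|infected by) '
    r'"?(?P<name>[^"\s]+?)"?'
    r'(?: Virus!)?\.? '
    r'(?:Action Taken: )?No Action Taken\.$'
)

# Windows paths are case-insensitive, so all comparisons use lower case.
RESTORE_MARK = r"\system volume information\_restore{"
QUARANTINE_MARK = "\\quarantine\\"


def parse_line(line):
    """Return a dict for a detection line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "time": m.group("time"),
        "path": m.group("path"),
        "verdict": "infected" if m.group("verb") == "infected by" else "tagged",
        "name": m.group("name"),
    }


def classify(path):
    """Assign a detection to the clean-up step that deals with it."""
    p = path.lower()
    if RESTORE_MARK in p:
        # Copies inside restore points: turning System Restore off
        # deletes the restore points and these copies with them.
        return "restore_point"
    if QUARANTINE_MARK in p:
        # Already isolated by the resident antivirus product.
        return "quarantine"
    # Everything else is on the live file system and needs manual removal.
    return "live"


def triage(lines):
    """Group unique detected paths (lower-cased) by category."""
    groups = defaultdict(set)
    for line in lines:
        det = parse_line(line)
        if det is not None:
            groups[classify(det["path"])].add(det["path"].lower())
    return {cat: sorted(paths) for cat, paths in groups.items()}


def still_detected(before, after):
    """Live paths flagged in the first scan that the second scan still flags."""
    first = set(triage(before).get("live", []))
    second = set(triage(after).get("live", []))
    return sorted(first & second)


# Sample input. The fourth SCAN_1 line is constructed (same format, same
# path as in the later scan); the others are copied from the logs above.
SCAN_1 = [
    r'194: 193: 192: Wed Jun 08 21:52:56 2005 => File C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP159\A0031149.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.',
    r'212: 211: 210: Wed Jun 08 22:07:40 2005 => File C:\WINDOWS\system32\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.',
    r'211: 210: 209: Wed Jun 08 22:01:38 2005 => File C:\WINDOWS\system\UpdInst.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.',
    r'2: Wed Jun 08 20:59:00 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.',
    r'38: Wed Jun 08 21:02:33 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned',
]
SCAN_2 = [
    r'1: Thu Jun 09 15:21:29 2005 => Scanning Folder: C:\Program Files\AVPersonal\INFECTED\*.*',
    r'2: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.',
    r'2: Thu Jun 09 15:04:44 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.',
    r'3: Thu Jun 09 15:09:23 2005 => File C:\!Submit\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.',
]

if __name__ == "__main__":
    for label, scan in (("scan 1", SCAN_1), ("scan 2", SCAN_2)):
        for category, paths in sorted(triage(scan).items()):
            print(label, category, len(paths))
    print("still detected:", still_detected(SCAN_1, SCAN_2))
```
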
09.06.2005, 23:53
...new here

Thread starter

Posts: 7
#12 Hello Sabina,

I did everything. The following files were still there despite Killbox; I then simply deleted them by hand and now can no longer find them:

C:\WINDOWS\system\UpdInst.exe
C:\WINDOWS\Downloaded Program Files\SproutWebLauncher.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll


And wow, eScan now shows me "only" 19 viruses! Here is the report:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Thu Jun 09 15:21:29 2005 => Scanning Folder: C:\Program Files\AVPersonal\INFECTED\*.*
2: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
3: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
4: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
5: Thu Jun 09 15:44:18 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
6: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
7: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
8: Thu Jun 09 15:44:19 2005 => File C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Thu Jun 09 15:04:43 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
2: Thu Jun 09 15:04:44 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
3: Thu Jun 09 15:09:23 2005 => File C:\!Submit\ktj0l71m1.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
4: Thu Jun 09 15:11:20 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
5: Thu Jun 09 15:11:21 2005 => File C:\Documents and Settings\Angela\Desktop\l2mfix.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
6: Thu Jun 09 15:44:27 2005 => File C:\Program Files\Online Services\AOL90CA\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
7: Thu Jun 09 15:44:54 2005 => File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Thu Jun 09 15:05:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\BM2.dll". Action Taken: No Action Taken.
2: Thu Jun 09 15:05:46 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
3: Thu Jun 09 15:05:49 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
4: Thu Jun 09 15:05:56 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
5: Thu Jun 09 15:05:59 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
6: Thu Jun 09 15:06:00 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
7: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip is Not Scanned
8: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip is Not Scanned
9: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip is Not Scanned
10: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip is Not Scanned
11: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip is Not Scanned
12: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
13: Thu Jun 09 15:10:17 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
14: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned
15: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned
16: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned
17: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip is Not Scanned
18: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip is Not Scanned
19: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip is Not Scanned
20: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip is Not Scanned
21: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip is Not Scanned
22: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip is Not Scanned
23: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip is Not Scanned
24: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip is Not Scanned
25: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip is Not Scanned
26: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip is Not Scanned
27: Thu Jun 09 15:10:18 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip is Not Scanned
28: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip is Not Scanned
29: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip is Not Scanned
30: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip is Not Scanned
31: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader.zip is Not Scanned
32: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\GrokLoader1.zip is Not Scanned
33: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean.zip is Not Scanned
34: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean1.zip is Not Scanned
35: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MainPean2.zip is Not Scanned
36: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch.zip is Not Scanned
37: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch1.zip is Not Scanned
38: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch2.zip is Not Scanned
39: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MySearch3.zip is Not Scanned
40: Thu Jun 09 15:10:19 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip is Not Scanned
41: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip is Not Scanned
42: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip is Not Scanned
43: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip is Not Scanned
44: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip is Not Scanned
45: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip is Not Scanned
46: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip is Not Scanned
47: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip is Not Scanned
48: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip is Not Scanned
49: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip is Not Scanned
50: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip is Not Scanned
51: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip is Not Scanned
52: Thu Jun 09 15:10:20 2005 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent1.zip is Not Scanned

--------------------------------------------------
------------- FILES ADDED TO DELETE --------------
--------------------------------------------------

1: C:\Documents and Settings\Angela\Desktop\l2mfix\Process.exe => tagged:Tool.Win32.Processor.20.
2: C:\Documents and Settings\Angela\Desktop\l2mfix.exe => tagged:Tool.Win32.Processor.20.
3: C:\Program Files\Norton AntiVirus\Quarantine\070D335B.htm => Exploit.HTML.Mht
4: C:\Program Files\Norton AntiVirus\Quarantine\26B273D2.zip => Trojan.Java.ClassLoader.c
5: C:\Program Files\Norton AntiVirus\Quarantine\547E2CFF.htm => Exploit.HTML.Mht
6: C:\Program Files\Norton AntiVirus\Quarantine\548256FC.zip => Trojan.Java.ClassLoader.c
7: C:\Program Files\Norton AntiVirus\Quarantine\54D046A6.htm => Exploit.HTML.Mht
8: C:\Program Files\Norton AntiVirus\Quarantine\54D61A9E.zip => Trojan.Java.ClassLoader.c
9: C:\Program Files\Norton AntiVirus\Quarantine\54DA449B.zip => Trojan.Java.ClassLoader.c
10: C:\Program Files\Online Services\AOL90CA\comp01.000 => tagged:Tool.Win32.Reboot.
11: C:\Program Files\Online Services\AOL90US\comp01.000 => tagged:Tool.Win32.Reboot.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Thu Jun 09 16:09:48 2005 => Total Objects Scanned: 91776
Thu Jun 09 16:09:48 2005 => Total Virus(es) Found: 19
Thu Jun 09 16:09:48 2005 => Total Errors: 52
Thu Jun 09 16:09:48 2005 => Virus Database Date: 2005/06/09
Thu Jun 09 16:09:48 2005 => Virus Database Count: 134127
Thu Jun 09 16:36:07 2005 => Total Objects Scanned: 91776
Thu Jun 09 16:36:07 2005 => Total Virus(es) Found: 19
Thu Jun 09 16:36:07 2005 => Total Errors: 52


Are we slowly approaching the successful end now? Looks like it! :O)
11.06.2005, 18:38
Honorary member
Sabina

Posts: 29434
#13 Hello @BlueAngel200

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, locate and delete the following keys:
* "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage"
refers to "C:\WINDOWS\Downloaded Program Files\BM2.dll"
-----------------------------------------------------------------------

HKEY_CLASSES_ROOT>CLSID>{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

* HKEY_LOCAL_MACHINE>SOFTWARE>Classes>CLSID>{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Shell Extensions>Approved
In the right panel, locate and delete the entry:
{DDFFA75A-E81D-4454-89FC-B9FD0631E726} = ""

5. Close Registry Editor.

http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FLOOK2ME%2EB

Delete:
C:\!Submit\ktj0l71m1.dll
C:\WINDOWS\Downloaded Program Files\BM2.dll

Then everything should be fine ;)

All the best for you + your PC ;)

----------

#Alternative browser to IE
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation + configuration of Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html


---------
INFO:
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll
__________
Best regards, Sabina

All about PC security
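
Added example, not part of Sabina's post: a Python helper that takes the O16 line quoted under INFO and builds one read-only cmd.exe check per location the post says to clean, so the cleanup can be verified afterwards. It assumes the installed DLL keeps the file name from the download URL; the function names are hypothetical.

```python
import re

# HijackThis O16 line: "O16 - DPF: {CLSID} (optional name) - download URL"
O16_RE = re.compile(
    r"^O16 - DPF: (\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"(?: \((.*?)\))? - (\S+)$")

DPF_DIR = r"C:\WINDOWS\Downloaded Program Files"   # folder named in the post
CV = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"


def parse_o16(line):
    """Return CLSID, URL and DLL name from an O16 line, or None if malformed."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    clsid, _name, url = m.groups()
    # Assumption: the installed file keeps the last path segment of the URL.
    return {"clsid": clsid.upper(), "url": url, "dll": url.rsplit("/", 1)[-1]}


def verification_checks(entry):
    """Read-only cmd.exe checks, one per location the post says to clean.
    Each command exits 0 only if the leftover is still there."""
    c, dll = entry["clsid"], entry["dll"]
    return {
        "HKCR CLSID key": f'reg query "HKCR\\CLSID\\{c}"',
        "HKLM Classes CLSID key": f'reg query "HKLM\\SOFTWARE\\Classes\\CLSID\\{c}"',
        "Approved shell extension value":
            f'reg query "{CV}\\Shell Extensions\\Approved" /v "{c}"',
        "ModuleUsage reference":
            f'reg query "{CV}\\ModuleUsage" /s | findstr /i "{dll}"',
        "DLL on disk": f'dir "{DPF_DIR}\\{dll}"',
    }


def leftovers(checks, exit_codes):
    """Names of checks whose command exited 0, i.e. the item still exists."""
    return [name for name in checks if exit_codes.get(name) == 0]


# The O16 line quoted under INFO in the post.
SAMPLE = ("O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - "
          "http://www.bundleware.com/activeX/BM2/BM2.dll")

if __name__ == "__main__":
    checks = verification_checks(parse_o16(SAMPLE))
    for name, cmd in checks.items():
        print(f"{name}: {cmd}")
```

Run the printed commands in a command prompt after the cleanup and pass each command's `%ERRORLEVEL%` to `leftovers`; an empty list means every location from the post is clean.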