TR/Qhost.QR TR/Click.526: How can they be removed?

Topic is closed!
#0
08.12.2005, 00:37
Member

Posts: 45
#46 So, I have now searched once more with datfindbat for the following files:
C:\WINDOWS\system32\winctrl16.exe
C:\WINDOWS\system32\winctrl32.exe
C:\WINDOWS\system32\winctrl64.exe
C:\WINDOWS\system32\trapi12.exe
C:\WINDOWS\system32\msblank32.html
C:\WINDOWS\system32\popcorn72.exe

None of them are present. In addition, I worked through them once more, in order, with the Killbox. Negative there as well. It no longer finds any such files to kill.
When I enter the last entry
C:\WINDOWS\system32\popcorn72.exe
the Killbox gives the following message:

" Pending File Rename Operations Registry Data has been removed by external Process! "

The 1.dat, 2.dat and 3.dat have also been deleted.

The scan report from cureit says nothing; the statistics report: 87 files checked, nothing found.

The only thing that is causing me problems in use is the Sophos.de page;
at the link given I only find an IDE file to download. It then sits around on my desktop, I cannot open it, and I also don't know whether I should copy it somewhere so that it does its job. Do I have to download Sophos antivirus first? I'm at a loss there. Maybe that is my mistake?

Regards, Moc
__________
This sentence no verb.
08.12.2005, 11:15
Honorary member
Sabina

Posts: 29434
#47 Mocca

Quote

under http://www.sophos.de/virusinfo/analyses/trojdloaderra.html
I downloaded the following virus identity file: mytob-dw.ide
Problem: could not start the IDE file.
I don't know what you downloaded there... however, I had not instructed you to do that; the page was for information only.

Please also run an online scan with Kaspersky and report back ;)
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

All about PC security
10.12.2005, 15:54
Member

Posts: 45
#48 Hello Sabina!

I have been trying for two days to run the Kaspersky online scan. The scan does not run with Firefox; it requires Explorer. So far, so good. When I try to open the page with Explorer, nothing works, because the computer tells me it cannot find Explorer, even though it is active.

Hence my question: is there an alternative to the Kaspersky online scan?

Regards, Moc
__________
This sentence no verb.
10.12.2005, 19:55
Honorary member
Sabina

Posts: 29434
#49 Hello @Mocca

ewido --> scan and post the scan report
http://virus-protect.org/ewido.html
__________
Best regards, Sabina

All about PC security
11.12.2005, 21:48
Member

Posts: 45
#50 Hello Sabina!
Here is the scan report from EWIDO


ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 21:47:42, 11.12.2005
+ Report-Checksumme: 4B254D5C

+ Scanergebnis:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Gesäubert mit Backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Gesäubert mit Backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Gesäubert mit Backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Gesäubert mit Backup
HKLM\SOFTWARE\Preview AdService -> Spyware.BlazeFind : Gesäubert mit Backup
HKU\S-1-5-21-299502267-1972579041-725345543-500\Software\Need2Find -> Spyware.Need2Find : Gesäubert mit Backup
HKU\S-1-5-21-299502267-1972579041-725345543-500\Software\Need2Find\bar -> Spyware.Need2Find : Gesäubert mit Backup
HKU\S-1-5-21-299502267-1972579041-725345543-500\Software\RX Toolbar -> Spyware.RXToolbar : Gesäubert mit Backup
C:\Programme\Need2Find -> Spyware.Need2Find : Gesäubert mit Backup
C:\Programme\Need2Find\bar -> Spyware.Need2Find : Gesäubert mit Backup
C:\Programme\Need2Find\bar\History -> Spyware.Need2Find : Gesäubert mit Backup
C:\Programme\Need2Find\bar\History\search -> Spyware.Need2Find : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP129\A0022276.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP130\A0022513.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP130\A0022565.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP130\A0022586.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP131\A0022613.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP136\A0023040.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP136\A0023057.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP136\A0023070.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP137\A0025584.exe -> Spyware.Msnagent : Gesäubert mit Backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Gesäubert mit Backup


::Report Ende



Best wishes, Marco
__________
This sentence no verb.
12.12.2005, 00:03
Honorary member
Sabina

Posts: 29434
#51 Mocca

http://virus-protect.org/escan.html
Download escan, work through everything and post the scan report
__________
Best regards, Sabina

All about PC security
28.12.2005, 23:45
Member

Posts: 45
#52 Hello Sabina!

I finally managed it. I was offline for somewhat longer and had trouble with the technology. I hope you will still keep helping me. Here is the scan report:


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Wed Dec 28 22:56:04 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
2: Wed Dec 28 22:56:04 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
3: Wed Dec 28 22:56:04 2005 => System found infected with adware.toolbar.sbsoft.h Spyware/Adware ({08bec6aa-49fc-4379-3587-4b21e286c19e})! Action taken: No Action Taken.
4: Wed Dec 28 22:56:04 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
5: Wed Dec 28 22:56:04 2005 => System found infected with websearch toolbar Spyware/Adware ({15ad6789-cdb4-47e1-a9da-992ee8e6bad6})! Action taken: No Action Taken.
6: Wed Dec 28 22:56:04 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
7: Wed Dec 28 22:56:04 2005 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
8: Wed Dec 28 22:56:07 2005 => Offending file found: C:\WINDOWS\System32\start.cdi
9: Wed Dec 28 22:56:07 2005 => System found infected with cydoor Spyware/Adware (start.cdi)! Action taken: No Action Taken.
10: Wed Dec 28 22:56:09 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Desktop\bearshare.lnk
11: Wed Dec 28 22:56:09 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
12: Wed Dec 28 22:56:09 2005 => Offending file found: C:\Dokumente und Einstellungen\Administrator\Favoriten\ebay.url
13: Wed Dec 28 22:56:09 2005 => System found infected with ezula Spyware/Adware (ebay.url)! Action taken: No Action Taken.
14: Wed Dec 28 22:56:11 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
15: Wed Dec 28 22:56:11 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
16: Wed Dec 28 22:56:11 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
17: Wed Dec 28 22:56:11 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
18: Wed Dec 28 22:56:11 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
19: Wed Dec 28 22:56:11 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
20: Wed Dec 28 22:56:47 2005 => File C:\WINDOWS\System32\csbgd.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
21: Wed Dec 28 22:57:01 2005 => File C:\WINDOWS\System32\favme.exe infected by "Trojan.Win32.Favadd.an" Virus! Action Taken: No Action Taken.
22: Wed Dec 28 22:57:03 2005 => File C:\WINDOWS\System32\HCLEAN32.EXE.VIR infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
23: Wed Dec 28 23:01:16 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
24: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0022116.EXE.001
25: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\A0022116.EXE.001 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
26: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0023056.EXE.001
27: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\A0023056.EXE.001 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
28: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0025740.EXE.001
29: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\A0025740.EXE.001 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
30: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001
31: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
32: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.002
33: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.002 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
34: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.003
35: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.003 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
36: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.004
37: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.004 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
38: Wed Dec 28 23:01:16 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.005
39: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.005 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
40: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.006
41: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.006 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
42: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.007
43: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.007 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
44: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.008
45: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.008 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
46: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.009
47: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.009 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
48: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.010
49: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.010 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
50: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.011
51: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.011 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
52: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.012
53: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.012 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
54: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.013
55: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.013 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
56: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.014
57: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.014 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
58: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.015
59: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.015 infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
60: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.VIR
61: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.VIR infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
62: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.001
63: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.001 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
64: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.002
65: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.002 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
66: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.003
67: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.003 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
68: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.004
69: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.004 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
70: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.005
71: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.005 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
72: Wed Dec 28 23:01:17 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.006
73: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.006 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
74: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.007
75: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.007 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
76: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.008
77: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.008 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
78: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.009
79: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.009 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
80: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.010
81: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.010 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
82: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.011
83: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.011 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
84: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.012
85: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.012 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
86: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.013
87: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.013 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
88: Wed Dec 28 23:01:18 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.VIR
89: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.VIR tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
90: Wed Dec 28 23:11:37 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027427.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
91: Wed Dec 28 23:11:37 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027442.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
92: Wed Dec 28 23:11:37 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027452.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
93: Wed Dec 28 23:11:39 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027476.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
94: Wed Dec 28 23:11:39 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027489.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
95: Wed Dec 28 23:12:58 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP157\A0028230.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
96: Wed Dec 28 23:13:05 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028399.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
97: Wed Dec 28 23:13:05 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028413.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
98: Wed Dec 28 23:13:05 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028425.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
99: Wed Dec 28 23:18:07 2005 => File C:\WINDOWS\system32\csbgd.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
100: Wed Dec 28 23:22:49 2005 => File C:\WINDOWS\system32\favme.exe infected by "Trojan.Win32.Favadd.an" Virus! Action Taken: No Action Taken.
101: Wed Dec 28 23:22:52 2005 => File C:\WINDOWS\system32\HCLEAN32.EXE.VIR infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
102: Wed Dec 28 23:28:30 2005 => Scanning File F:\Musik\Electronic\Verschiedenes Techno\Irgendein Techno-Sampler\20-barthezz-infected__dj_gyfer_and_dj_roge_bubbling_remix.mp3 [**]
103: Wed Dec 28 23:28:37 2005 => Scanning File F:\Musik\HipHop\Bubba Sparxx\Bubba Sparxxx - [05] - Infected.mp3 [**]

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Wed Dec 28 22:57:46 2005 => File C:\WINDOWS\System32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
2: Wed Dec 28 22:58:05 2005 => File C:\WINDOWS\System32\RDSNDIN.EXE.VIR tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
3: Wed Dec 28 23:01:16 2005 => File C:\Programme\AVPersonal\INFECTED\A0023056.EXE.001 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
4: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.001 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
5: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.002 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
6: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.003 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
7: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.004 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
8: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.005 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
9: Wed Dec 28 23:01:17 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.006 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
10: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.007 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
11: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.008 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
12: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.009 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
13: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.010 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
14: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.011 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
15: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.012 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
16: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.013 tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
17: Wed Dec 28 23:01:18 2005 => File C:\Programme\AVPersonal\INFECTED\RDSNDIN.EXE.VIR tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
18: Wed Dec 28 23:11:36 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027412.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
19: Wed Dec 28 23:11:37 2005 => File C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027460.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
20: Wed Dec 28 23:23:41 2005 => File C:\WINDOWS\system32\ntfsnlpa.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
21: Wed Dec 28 23:24:08 2005 => File C:\WINDOWS\system32\RDSNDIN.EXE.VIR tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry XPsys = C:\WINDOWS\XPsys.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
2: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry DriverLoad = c:\DriverLoad\svchost.exe -dl (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
3: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry DriverCheck = c:\DriverLoad\svchost.exe -dc (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
4: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry SystemDriverLoad = c:\DriverLoad\svchost.exe -sdl (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
5: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry SystemDriverCheck = c:\DriverLoad\svchost.exe -sdc (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
6: Wed Dec 28 22:55:52 2005 => ERROR!!! Invalid Entry SystemCheck = c:\DriverLoad\svchost.exe -sc (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). No Action Taken.
7: Wed Dec 28 22:55:53 2005 => ERROR!!! Invalid Entry hclean32.exe = C:\WINDOWS\System32\hclean32.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
8: Wed Dec 28 22:55:53 2005 => ERROR!!! Invalid Entry dmnic.exe = C:\WINDOWS\System32\dmnic.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
9: Wed Dec 28 22:56:03 2005 => ERROR!!! Invalid Entry System32\DRIVERS\wanatw4.sys in SYSTEM\CurrentControlSet\Services\wanatw...
10: Wed Dec 28 22:56:14 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
11: Wed Dec 28 22:56:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RealPlayer 6.0". Action Taken: No Action Taken.
12: Wed Dec 28 22:56:19 2005 => Entry "HKCR\CLSID\{FC598BEF-F90F-11D0-BE5A-00403338E4FF}" refers to invalid object "G:\ILMOle.dll". Action Taken: No Action Taken.
13: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\MyCalendar.dll". Action Taken: No Action Taken.
14: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{05563F82-69A7-40A6-8670-153B635A7EF6}" refers to invalid object "C:\Programme\RXToolBar\sfcont.dll". Action Taken: No Action Taken.
15: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\Media\Cerberus.dll". Action Taken: No Action Taken.
16: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{06A76548-79B6-407F-8B07-847844DAF187}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
17: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{06A95839-6BE6-470B-8E85-F1E770573407}" refers to invalid object "C:\Dokumente und Einstellungen\Mocca\Application Data\Microsoft\Forms\RefEdit.exd". Action Taken: No Action Taken.
18: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{083ED521-648D-4336-8271-30C2BCD9D5CF}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
19: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\aolshare\pictures\YGPPIC~4.DLL". Action Taken: No Action Taken.
20: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{15E35FD4-290D-4FD5-9A94-D0F2D65FED02}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
21: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\Media\Xanthe.dll". Action Taken: No Action Taken.
22: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{179ABC29-673C-491E-947E-76540C735E86}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
23: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{19DF0AFA-3F1C-481C-909B-820B9BCCF371}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
24: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{1B280200-9DE7-11D4-A2D4-001083025146}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\axclntbrg.dll". Action Taken: No Action Taken.
25: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "C:\PROGRA~1\GEMEIN~1\aolshare\pictures\YGPPIC~1.DLL". Action Taken: No Action Taken.
26: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{21F022C8-C045-4555-8A90-651E6A3DC6C6}" refers to invalid object "C:\Programme\Accoona\atoolbar.dll". Action Taken: No Action Taken.
27: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\Media\CDDBControl.dll". Action Taken: No Action Taken.
28: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{24F9D171-9DC8-4803-B557-95B1D8C0C92F}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
29: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\axtrack.dll". Action Taken: No Action Taken.
30: Wed Dec 28 22:56:19 2005 => Entry "HKCR\TypeLib\{2B9A24F5-55C7-4C58-8934-C09B13CE0AA3}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\WINDOWS\System32\csbgd.exe => Trojan-Dropper.Win32.Vidro.u
2: C:\WINDOWS\System32\favme.exe => Trojan.Win32.Favadd.an
3: C:\WINDOWS\System32\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df
4: C:\Programme\AVPersonal\INFECTED\A0022116.EXE.001 => Trojan.Win32.Qhost.df
5: C:\Programme\AVPersonal\INFECTED\A0025740.EXE.001 => Trojan.Win32.Qhost.df
6: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001 => Trojan.Win32.Qhost.df
7: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.002 => Trojan.Win32.Qhost.df
8: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.003 => Trojan.Win32.Qhost.df
9: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.004 => Trojan.Win32.Qhost.df
10: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.005 => Trojan.Win32.Qhost.df
11: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.006 => Trojan.Win32.Qhost.df
12: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.007 => Trojan.Win32.Qhost.df
13: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.008 => Trojan.Win32.Qhost.df
14: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.009 => Trojan.Win32.Qhost.df
15: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.010 => Trojan.Win32.Qhost.df
16: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.011 => Trojan.Win32.Qhost.df
17: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.012 => Trojan.Win32.Qhost.df
18: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.013 => Trojan.Win32.Qhost.df
19: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.014 => Trojan.Win32.Qhost.df
20: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.015 => Trojan.Win32.Qhost.df
21: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df
22: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027427.exe => Trojan-Dropper.Win32.Vidro.u
23: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027442.exe => Trojan-Dropper.Win32.Vidro.u
24: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027452.exe => Trojan-Dropper.Win32.Vidro.u
25: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027476.exe => Trojan-Dropper.Win32.Vidro.u
26: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027489.exe => Trojan-Dropper.Win32.Vidro.u
27: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP157\A0028230.exe => Trojan-Dropper.Win32.Vidro.u
28: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028399.exe => Trojan-Dropper.Win32.Vidro.u
29: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028413.exe => Trojan-Dropper.Win32.Vidro.u
30: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028425.exe => Trojan-Dropper.Win32.Vidro.u
31: C:\WINDOWS\system32\csbgd.exe => Trojan-Dropper.Win32.Vidro.u
32: C:\WINDOWS\system32\favme.exe => Trojan.Win32.Favadd.an
33: C:\WINDOWS\system32\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Wed Dec 28 23:29:19 2005 => Total Objects Scanned: 61262
Wed Dec 28 23:29:19 2005 => Total Virus(es) Found: 83
Wed Dec 28 23:29:19 2005 => Total Errors: 117
Wed Dec 28 23:29:19 2005 => Virus Database Date: 2005/12/02
Wed Dec 28 23:29:19 2005 => Virus Database Count: 162781
Wed Dec 28 23:31:00 2005 => Total Objects Scanned: 61262
Wed Dec 28 23:31:00 2005 => Total Virus(es) Found: 83
Wed Dec 28 23:31:00 2005 => Total Errors: 117





Kind regards, Moc!!!
__________
This sentence no verb.
29.12.2005, 14:21
Honorary member
Sabina

Posts: 29434
#53 Mocca

Disable System Restore, then enable it again
http://virus-protect.org/systemwiederherstellung.html

Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
Double-click: blbeta.exe
After the check, click -- next
You will now find a text file on the desktop: copy it into your thread

Copy the Silentrunner log here
http://virus-protect.org/silentrunner.html

----------------------------

This is for me:
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\RDSNDIN.EXE
C:\WINDOWS\System32\RDSNDIN.EXE.VIR
C:\WINDOWS\system32\csbgd.exe
C:\WINDOWS\system32\favme.exe
C:\WINDOWS\system32\HCLEAN32.EXE.VIR
C:\WINDOWS\System32\hclean32.exe
C:\WINDOWS\System32\dmnic.exe

C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
__________
Best regards, Sabina

all about PC security
30.12.2005, 23:09
Member

Posts: 45
#54 Hello Sabina,

I have disabled System Restore.
BlackLight apparently found nothing....here is the file.

12/30/05 21:56:15 [Info]: BlackLight Engine 1.0.30 initialized
12/30/05 21:56:15 [Info]: OS: 5.1 build 2600 (Service Pack 1)
12/30/05 21:56:15 [Note]: 7019 4
12/30/05 21:56:15 [Note]: 7005 0
12/30/05 21:56:47 [Note]: 7006 0
12/30/05 21:56:47 [Note]: 7011 920
12/30/05 21:56:47 [Note]: FSRAW library version 1.7.1014
12/30/05 21:58:27 [Note]: 7007 0


Unfortunately I could not start Silentrunner because the Windows Script Host is disabled on my computer. Do you know how I can enable it?

Regards, moc
__________
This sentence no verb.
30.12.2005, 23:16
Honorary member
Sabina

Posts: 29434
#55 Problem:
As for "Silentrunners"...unfortunately it does not work. I always get the message: "Der Zugriff auf Windows Script Host wurde für diesen Computer deaktiviert." and that I should contact the administrator.

Check whether, in the registry (Start -> Run -> regedit), there is an entry named Enabled under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings. If so, set its value to 1; the Scripting Host is then enabled again. (Then restart the PC.)
__________
Best regards, Sabina

all about PC security
31.12.2005, 21:24
Member

Posts: 45
#56 "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"XPsys" = "C:\WINDOWS\XPsys.exe" [file not found]
"DriverLoad" = "c:\DriverLoad\svchost.exe -dl" [file not found]
"DriverCheck" = "c:\DriverLoad\svchost.exe -dc" [file not found]
"SystemDriverLoad" = "c:\DriverLoad\svchost.exe -sdl" [file not found]
"SystemDriverCheck" = "c:\DriverLoad\svchost.exe -sdc" [file not found]
"SystemCheck" = "c:\DriverLoad\svchost.exe -sc" [file not found]
"Winhost" = (empty string)
"Winhost1" = (empty string)
"Winhost2" = (empty string)
"Winhost3" = (empty string)
"Winhost4" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [file not found]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"dmnic.exe" = "C:\WINDOWS\System32\dmnic.exe" [file not found]
"Zone Labs Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\(Default) = "NetMeeting 3.01"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cszhx.exe" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 27 seconds, including 4 seconds for message boxes)
__________
This sentence no verb.
01.01.2006, 14:58
Honorary member
Sabina

Posts: 29434
#57 Mocca

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

c:\DriverLoad\svchost.exe

---------------------------------------------------------------------------

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop.

Restart the computer in safe mode (press F8 while booting). Double-click the file "fixme.reg" on the desktop.

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"XPsys"=-
"DriverLoad"=-
"DriverCheck"=-
"SystemDriverLoad"=-
"SystemDriverCheck"=-
"SystemCheck"=-
"Winhost"=-
"Winhost1"=-
"Winhost2"=-
"Winhost3"=-
"Winhost4"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hclean32.exe"=-
"dmnic.exe"=-


***


Download FixWareout:

http://swandog46.geekstogo.com/Fixwareout.exe

Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt --> copy the txt file into the forum
__________
Best regards, Sabina

all about PC security
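Added example, not part of any post in this thread and not code from Silent Runners: the triage done by hand in #57, where the Silent Runners report from #56 is read for orphaned autostart values and turned into a REGEDIT4 fragment for review. The function names and the rule (flag only `[file not found]`, `(empty string)` and `INFECTION WARNING!` values inside autostart keys) are assumptions; the sample lines are copied from the report in #56.

```python
import re

# Selection of lines copied from the Silent Runners report posted in #56.
REPORT_EXCERPT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"DriverLoad" = "c:\DriverLoad\svchost.exe -dl" [file not found]
"Winhost" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [file not found]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cszhx.exe" [file not found]
'''

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# Assumption: only these launch points are triaged; a missing file elsewhere
# (e.g. the deskpan.dll shell extension above) is not treated as a finding.
AUTOSTART_KEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
    WINLOGON,
}

KEY_RE = re.compile(r'^(HKLM|HKCU)\\(.*?)\\\s*(?:\{\+\+\})?\s*$')
VALUE_RE = re.compile(r'^(INFECTION WARNING! )?"([^"]+)" = (.*)$')


def find_orphans(report):
    """Return (hive, key, value_name, reason) for suspicious autostart values."""
    findings = []
    hive = key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:                 # a blank line ends the current key section
            hive = key = None
            continue
        m = KEY_RE.match(line)
        if m:
            hive, key = m.group(1), m.group(2)
            continue
        m = VALUE_RE.match(line)     # "->" CLSID lookup lines never match
        if not m or key is None or key.lower() not in AUTOSTART_KEYS:
            continue
        warned, name, data = m.groups()
        if warned:
            reason = "flagged by Silent Runners"
        elif data.endswith("[file not found]"):
            reason = "target file missing"
        elif data == "(empty string)":
            reason = "empty value"
        else:
            continue                 # signed, present or [null data]: left alone
        findings.append((hive, key, name, reason))
    return findings


def build_reg(findings):
    """Build a REGEDIT4 fragment for manual review before any import."""
    grouped = {}
    for hive, key, name, _reason in findings:
        grouped.setdefault((hive, key), []).append(name)
    out = ["REGEDIT4", ""]
    for (hive, key), names in grouped.items():
        out.append("[%s\\%s]" % (HIVES[hive], key))
        for name in names:
            esc = name.replace("\\", "\\\\").replace('"', '\\"')
            # Winlogon values are reset to empty, as the fixme.reg in #57 does;
            # everything else is deleted with the "name"=- syntax.
            out.append('"%s"=""' % esc if key.lower() == WINLOGON
                       else '"%s"=-' % esc)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    for finding in find_orphans(REPORT_EXCERPT):
        print(finding)
    print(build_reg(find_orphans(REPORT_EXCERPT)))
```
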
02.01.2006, 00:17
Member

Posts: 45
#58 Hello Sabina!

Regarding Virustotal: when uploading C:\DriverLoad\svchost.exe, virustotal gives me the following message: "File size can't be more than 10 Megabytes.You can't try compressing it."
I had a look in C:\driverload and it has 0 files with 0 bytes.
What now?

I nevertheless changed the registry in safe mode as instructed.

After that I did the third part, and here is the scan report:


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
__________
This sentence no verb.
This post was edited by Mocca on 02.01.2006 at 00:32.
02.01.2006, 20:29
Honorary member
Sabina

Posts: 29434
#59 Mocca

delete:
c:\DriverLoad\svchost.exe
c:\DriverLoad

---------------------------------------------------------------------
http://virus-protect.org/multiavtool.html
click "3" McAfee -- an empty DOS window appears.
- you have to enter what is to be scanned

- C:\Windows\System32 then the scan starts; you should then also have these scanned:
- C:\Windows
- C:\

post the three scan reports ;)

--------------------------------------------------------------------

At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\Windows\System32\dpwtpaxp.dll

__________
Regards, Sabina

all about PC security
03.01.2006, 01:15
Member

Posts: 45
#60 Just an interim report:



01/03/2006 01:04:25


Options:
"C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [Betriebssystem]
Scanning C:\WINDOWS\*.*

Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 33397
Clean: ................. 33386
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1


Time: 00:09.37
__________
This sentence no verb.