TR/Qhost.QR TR/Click.526: How can they be removed? Thread is closed! |
#0
| ||
08.12.2005, 00:37
Member
Posts: 45 |
||
|
||
08.12.2005, 11:15
Honorary member
Posts: 29434 |
#47
Mocca
Quote: "have under http://www.sophos.de/virusinfo/analyses/trojdloaderra.html" I don't know what you downloaded there... I did not instruct that, however; the page was for information only. Run another online scan with Kaspersky and report back: http://virus-protect.org/onlinescan.html __________ Best regards, Sabina, all about PC security |
|
|
||
10.12.2005, 15:54
Member
Posts: 45 |
#48
Hello Sabina!
I have been trying for two days to run the Kaspersky online scan. The scan does not run in Firefox; it requires Explorer. So far, so good. When I try to open the page with Explorer, nothing works, because the computer tells me it cannot find Explorer, even though it is active. Hence my question: is there an alternative to the Kaspersky online scan? Regards, Moc __________ This sentence no verb. |
|
|
||
10.12.2005, 19:55
Honorary member
Posts: 29434 |
#49
Hello @Mocca
ewido --> scan and post the scan report: http://virus-protect.org/ewido.html __________ Best regards, Sabina, all about PC security |
|
|
||
11.12.2005, 21:48
Member
Posts: 45 |
#50
Hello Sabina!
Here is the scan report from EWIDO:
Kind regards, Marco __________ This sentence no verb. |
|
|
||
12.12.2005, 00:03
Honorary member
Posts: 29434 |
#51
Mocca
http://virus-protect.org/escan.html download escan, work through everything and post the scan report __________ Best regards, Sabina, all about PC security |
|
|
||
28.12.2005, 23:45
Member
Posts: 45 |
#52
Hello Sabina!
I finally managed it. I was offline a bit longer and had trouble with the technology. I hope you will still help me. Here is the scan report:
70: Wed Dec 28 22:56:20 2005 => Entry "HKCR\TypeLib\{EAA0E852-F04C-4B62-94CD-D397A75F2954}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken. 71: Wed Dec 28 22:56:20 2005 => Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "C:\PROGRA~1\AOL9~1.0\sa.dll". Action Taken: No Action Taken. 72: Wed Dec 28 22:56:20 2005 => Entry "HKCR\TypeLib\{FA653B1B-DB39-41A5-8DF5-1A2FCEA0771D}" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken. 73: Wed Dec 28 22:56:20 2005 => Entry "HKCR\TypeLib\{FC335C72-885A-4C86-825D-2D686E93A007}" refers to invalid object "C:\DOKUME~1\Mocca\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken. 74: Wed Dec 28 22:56:20 2005 => Entry "HKCR\TypeLib\{FC598BE0-F90F-11D0-BE5A-00403338E4FF}" refers to invalid object "G:\ILMOle.dll". Action Taken: No Action Taken. 75: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AdmilliService.zip is Not Scanned 76: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned 77: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\Altnet.zip is Not Scanned 78: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip is Not Scanned 79: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp.zip is Not Scanned 80: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp1.zip is Not Scanned 81: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp2.zip is Not Scanned 82: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\CoolWWWSearchCameUp3.zip is Not Scanned 83: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DyFuCA.zip is Not Scanned 84: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\FindSpyA.zip is Not Scanned 85: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\FindSpyA1.zip is Not Scanned 86: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\FindSpyA2.zip is Not Scanned 87: Wed Dec 28 22:59:57 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\FindSpyA3.zip is Not Scanned 88: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator.zip is Not Scanned 89: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator1.zip is Not Scanned 90: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator10.zip is Not Scanned 91: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator11.zip is Not Scanned 92: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator13.zip is Not Scanned 93: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator14.zip is Not Scanned 94: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator15.zip is Not Scanned 95: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator16.zip is Not Scanned 96: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator18.zip is Not Scanned 97: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator19.zip is Not Scanned 98: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator2.zip is Not Scanned 99: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator20.zip is Not Scanned 100: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator3.zip is Not Scanned 101: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator4.zip is Not Scanned 102: Wed Dec 28 22:59:58 2005 => Result: ERROR!!! 
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator5.zip is Not Scanned 103: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator6.zip is Not Scanned 104: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator7.zip is Not Scanned 105: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator8.zip is Not Scanned 106: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\GAINGator9.zip is Not Scanned 107: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTactiveX.zip is Not Scanned 108: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar.zip is Not Scanned 109: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar1.zip is Not Scanned 110: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar2.zip is Not Scanned 111: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTbar3.zip is Not Scanned 112: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip is Not Scanned 113: Wed Dec 28 22:59:59 2005 => Result: ERROR!!! 
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\System32\csbgd.exe => Trojan-Dropper.Win32.Vidro.u
2: C:\WINDOWS\System32\favme.exe => Trojan.Win32.Favadd.an
3: C:\WINDOWS\System32\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df
4: C:\Programme\AVPersonal\INFECTED\A0022116.EXE.001 => Trojan.Win32.Qhost.df
5: C:\Programme\AVPersonal\INFECTED\A0025740.EXE.001 => Trojan.Win32.Qhost.df
6: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001 => Trojan.Win32.Qhost.df
7: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.002 => Trojan.Win32.Qhost.df
8: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.003 => Trojan.Win32.Qhost.df
9: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.004 => Trojan.Win32.Qhost.df
10: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.005 => Trojan.Win32.Qhost.df
11: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.006 => Trojan.Win32.Qhost.df
12: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.007 => Trojan.Win32.Qhost.df
13: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.008 => Trojan.Win32.Qhost.df
14: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.009 => Trojan.Win32.Qhost.df
15: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.010 => Trojan.Win32.Qhost.df
16: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.011 => Trojan.Win32.Qhost.df
17: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.012 => Trojan.Win32.Qhost.df
18: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.013 => Trojan.Win32.Qhost.df
19: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.014 => Trojan.Win32.Qhost.df
20: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.015 => Trojan.Win32.Qhost.df
21: C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df
22: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027427.exe => Trojan-Dropper.Win32.Vidro.u
23: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027442.exe => Trojan-Dropper.Win32.Vidro.u
24: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP149\A0027452.exe => Trojan-Dropper.Win32.Vidro.u
25: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027476.exe => Trojan-Dropper.Win32.Vidro.u
26: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP150\A0027489.exe => Trojan-Dropper.Win32.Vidro.u
27: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP157\A0028230.exe => Trojan-Dropper.Win32.Vidro.u
28: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028399.exe => Trojan-Dropper.Win32.Vidro.u
29: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028413.exe => Trojan-Dropper.Win32.Vidro.u
30: C:\System Volume Information\_restore{84F6C3A3-0AA8-4D85-A44F-5CE48B329154}\RP158\A0028425.exe => Trojan-Dropper.Win32.Vidro.u
31: C:\WINDOWS\system32\csbgd.exe => Trojan-Dropper.Win32.Vidro.u
32: C:\WINDOWS\system32\favme.exe => Trojan.Win32.Favadd.an
33: C:\WINDOWS\system32\HCLEAN32.EXE.VIR => Trojan.Win32.Qhost.df
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Wed Dec 28 23:29:19 2005 => Total Objects Scanned: 61262
Wed Dec 28 23:29:19 2005 => Total Virus(es) Found: 83
Wed Dec 28 23:29:19 2005 => Total Errors: 117
Wed Dec 28 23:29:19 2005 => Virus Database Date: 2005/12/02
Wed Dec 28 23:29:19 2005 => Virus Database Count: 162781
Wed Dec 28 23:31:00 2005 => Total Objects Scanned: 61262
Wed Dec 28 23:31:00 2005 => Total Virus(es) Found: 83
Wed Dec 28 23:31:00 2005 => Total Errors: 117

Best wishes, Moc!!!
__________
This sentence no verb. |
|
|
||
29.12.2005, 14:21
Honorary member
Posts: 29434 |
#53
Mocca
disable System Restore, then enable it again
http://virus-protect.org/systemwiederherstellung.html

Download the F-Secure beta trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check, click -- next
you will now find a text file on the desktop: copy it into your thread

copy the Silent Runners log here
http://virus-protect.org/silentrunner.html
----------------------------
for me:
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\System32\RDSNDIN.EXE
C:\WINDOWS\System32\RDSNDIN.EXE.VIR
C:\WINDOWS\system32\csbgd.exe
C:\WINDOWS\system32\favme.exe
C:\WINDOWS\system32\HCLEAN32.EXE.VIR
C:\WINDOWS\System32\hclean32.exe
C:\WINDOWS\System32\dmnic.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
__________
Best regards, Sabina
all about PC security |
|
|
||
30.12.2005, 23:09
Member
Posts: 45 |
#54
Hello Sabina,
I have disabled System Restore. BlackLight apparently found nothing.... here is the file.

12/30/05 21:56:15 [Info]: BlackLight Engine 1.0.30 initialized
12/30/05 21:56:15 [Info]: OS: 5.1 build 2600 (Service Pack 1)
12/30/05 21:56:15 [Note]: 7019 4
12/30/05 21:56:15 [Note]: 7005 0
12/30/05 21:56:47 [Note]: 7006 0
12/30/05 21:56:47 [Note]: 7011 920
12/30/05 21:56:47 [Note]: FSRAW library version 1.7.1014
12/30/05 21:58:27 [Note]: 7007 0

Unfortunately I could not start Silent Runners, because the Windows Script Host is disabled on my computer. Do you know how I can enable it?
Regards, Moc
__________
This sentence no verb. |
|
|
||
30.12.2005, 23:16
Honorary member
Posts: 29434 |
#55
Problem:
As for "Silentrunners"... unfortunately it does not work. I always get the message: "Der Zugriff auf Windows Script Host wurde für diesen Computer deaktiviert." and am told to contact the administrator.

Check whether, in the registry (Start -> Run -> regedit), you have under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
an entry named Enabled. If so, set its value to 1; the Scripting Host is then enabled again.
(then restart the PC)
__________
Best regards, Sabina
all about PC security |
|
|
||
31.12.2005, 21:24
Member
Posts: 45 |
#56
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"XPsys" = "C:\WINDOWS\XPsys.exe" [file not found]
"DriverLoad" = "c:\DriverLoad\svchost.exe -dl" [file not found]
"DriverCheck" = "c:\DriverLoad\svchost.exe -dc" [file not found]
"SystemDriverLoad" = "c:\DriverLoad\svchost.exe -sdl" [file not found]
"SystemDriverCheck" = "c:\DriverLoad\svchost.exe -sdc" [file not found]
"SystemCheck" = "c:\DriverLoad\svchost.exe -sc" [file not found]
"Winhost" = (empty string)
"Winhost1" = (empty string)
"Winhost2" = (empty string)
"Winhost3" = (empty string)
"Winhost4" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [file not found]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSched32.EXE /min" ["H+BEDV Datentechnik GmbH"]
"dmnic.exe" = "C:\WINDOWS\System32\dmnic.exe" [file not found]
"Zone Labs Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\(Default) = "NetMeeting 3.01"
\StubPath = "rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cszhx.exe" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
FileWiperContextMenuExtension\(Default) = "{B6BF4AAE-3AB0-4691-9119-2E6C13D38EFD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TweakPower\FileWiper.dll" ["Kurt Zimmermann"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Desktop Hintergrund.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
----------
(total run time: 27 seconds, including 4 seconds for message boxes)
__________
This sentence no verb. |
|
|
||
01.01.2006, 14:58
Honorary member
Posts: 29434 |
#57
Mocca
At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
c:\DriverLoad\svchost.exe
---------------------------------------------------------------------------
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop.
Restart the computer in safe mode (press F8 during startup).
Double-click the file "fixme.reg" on the desktop
Quote
REGEDIT4***
Download FixWareout:
http://swandog46.geekstogo.com/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt --> copy the txt file into the forum
__________
Best regards, Sabina
all about PC security |
|
|
||
02.01.2006, 00:17
Member
Posts: 45 |
#58
Hello Sabina!
Regarding VirusTotal: when I upload C:\DriverLoad\svchost.exe, VirusTotal gives me the following message: "File size can't be more than 10 Megabytes.You can't try compressing it." I had a look in C:\driverload and it contains 0 files with 0 bytes. What now? I nevertheless changed the registry in safe mode as instructed. After that I did the third part, and here is the scan report:

Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
__________
This sentence no verb.
This post was edited by Mocca on 02.01.2006 at 00:32.
|
|
|
||
02.01.2006, 20:29
Honorary member
Posts: 29434 |
#59
Mocca
delete:
c:\DriverLoad\svchost.exe
c:\DriverLoad
---------------------------------------------------------------------
http://virus-protect.org/multiavtool.html
click "3" McAfee -- an empty DOS window appears.
- you have to enter what is to be scanned
- C:\Windows\System32
then the scan starts; after that you should also have these scanned:
- C:\Windows
- C:\
post the three scan reports
--------------------------------------------------------------------
At the top of the page --> click Browse --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\Windows\System32\dpwtpaxp.dll
__________
Regards, Sabina
all about PC security |
|
|
||
03.01.2006, 01:15
Member
Posts: 45 |
#60
Just an interim report:
01/03/2006 01:04:25
Options: "C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"
Scanning C: [Betriebssystem]
Scanning C:\WINDOWS\*.*
Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 33397
Clean: ................. 33386
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1
Time: 00:09.37
__________
This sentence no verb. |
|
|
||
C:\WINDOWS\system32\winctrl16.exe
C:\WINDOWS\system32\winctrl32.exe
C:\WINDOWS\system32\winctrl64.exe
C:\WINDOWS\system32\trapi12.exe
C:\WINDOWS\system32\msblank32.html
C:\WINDOWS\system32\popcorn72.exe
None of them are present. In addition, I worked through them once more in order with the Killbox. Negative there too. It no longer finds any such files to kill.
On entering the last entry
C:\WINDOWS\system32\popcorn72.exe
the Killbox gives the following message:
" Pending File Rename Operations Registry Data has been removed by external Process! "
The 1.dat, 2.dat and 3.dat are also deleted.
The CureIt scan report says nothing; the statistics report: 87 files checked, nothing found.
The only thing that gives me trouble in use is the Sophos.de page;
at the given link I only find an IDE file to download. It then sits on my desktop, I cannot open it, and I also don't know whether I should copy it somewhere so that it does its job. Do I have to download Sophos antivirus first? I'm at a loss there. Maybe that is my mistake?
Regards, Moc
__________
This sentence no verb.