"res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW

#0
22.09.2005, 01:37
Honorary member
Argus

Posts: 6028
#1 @Sabina
I let my PC get infected yesterday on another helpdesk site.
Symptoms:
RZS causes an error in Kernel32.dll
Error: invalid syntax
The URL address bar shows: shell:history
Pop-up from WorldAntiSpy
The desktop background is red with a SPYWARE window
A window from an xxx site asking to set it as the start page, with the following text:
to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old

Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:52, on 20-9-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.EXE
C:\WINDOWS\SYSTEM32\SVCNV.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS_199\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\PERFORMENT003.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SUNASDTSERV] C:\PROGRAM FILES\SUNBELT SOFTWARE\COUNTERSPY CLIENT\SUNASDTSERV.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [Fast Search] C:\WINDOWS\system32\svcnv.exe home
O4 - HKLM\..\Run: [Mscc] "C:\WINDOWS\SYSTEM\5400244.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Support/PestScanner/pestscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

It is a Smitfraud infection!
Until then I only had CounterSpy and Spybot S&D installed; CounterSpy found only CoolWebSearch MWsearch in C:\Windows\zsettings.dll
Spybot S&D found Smitfraud C, SurfSideKick and everything from Windows Security Center

Afterwards I installed Spy Sweeper, eScan, Hoster and SmitRem to get rid of everything again
Spy Sweeper found: TrojanDownloader VXIframe, AZsearch toolbar, DRUsearch and viruses in the HijackThis backups!
eScan found nothing!
The hosts file had been changed
SmitRem: wininet.dll and oleert.dll were infected
When oleert.dll is removed, a file named !Submit is installed on C:\
And that is where the problems started; all my antivirus/antispyware programs were wrecked
I only have Spybot S&D left on it, just because of Google
The start page kept being changed to www.msn.nl; I have now locked it with Spybot > Tools > Browser Pages and changed everything to Google.com

I assume there is still something haunting my machine ;)

In the end, only format c: remains
PS
The URL address bar shows: shell:history
The new start page is about spyware and shows me where I live,
my IP address, my provider, and shows me what I have on C:\ !
__________
Regards, Argus
This post was edited by Arnold on 22.09.2005 at 01:51.
22.09.2005, 16:06
Honorary member
Thread starter
Argus

Posts: 6028
#2 @Sabina and Managor

Reinstalled Windows, let it get infected again ;)
Here is the log
Logfile of HijackThis v1.99.1
Scan saved at 15:46:06, on 22-9-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\SVCNV.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\65975.EXE
C:\WINDOWS\SYSTEM\75869.EXE
C:\WINDOWS\SYSTEM\81879.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\WORLDANTISPY\WORLDANTISPY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\PERFORMENT003.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Fast Search] C:\WINDOWS\system32\svcnv.exe home
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: WorldAntiSpy.lnk = C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

And the WORC log file
W.O.R.C. Systemänderungsbericht
Erstellt: 22-9-05 15:55:51


Dateisystem: Hinzugekommene Verzeichnisse
--------------------------------------------------
C:\Program Files\WorldAntiSpy\
C:\Program Files\WorldAntiSpy\Log\
C:\Program Files\WorldAntiSpy\Monitor\
C:\Program Files\WorldAntiSpy\Monitor\Snapshot\
C:\Program Files\WorldAntiSpy\Scanner\
C:\Program Files\WorldAntiSpy\Scanner\Base\
C:\WINDOWS\Application Data\Macromedia\
C:\WINDOWS\Application Data\Macromedia\Flash Player\
C:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\
C:\WINDOWS\Application Data\Macromedia\Flash Player\#SharedObjects\V5HC3FNV\
C:\WINDOWS\Application Data\Macromedia\Flash Player\macromedia.com\
C:\WINDOWS\Application Data\Macromedia\Flash Player\macromedia.com\support\
C:\WINDOWS\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\
C:\WINDOWS\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
C:\WINDOWS\Application Data\Skinux\
C:\WINDOWS\Application Data\Skinux\WORLDANTISPY\
C:\WINDOWS\Favorieten\HELP\
C:\WINDOWS\Start Menu\Programma's\WorldAntiSpy\

Dateisystem: Gelöschte Verzeichnisse
--------------------------------------------------

Dateisystem: Hinzugekommene Dateien
--------------------------------------------------
C:\Mijn documenten\hijackthis.lo.txt
C:\Mijn documenten\hijackthis1.log.txt
C:\Mijn documenten\naamloos.bmp
C:\PopUp Blocker.url
C:\Program Files\WorldAntiSpy\imagehlp.dll
C:\Program Files\WorldAntiSpy\license.txt
C:\Program Files\WorldAntiSpy\Log\was.log
C:\Program Files\WorldAntiSpy\Scanner\Base\base.dat
C:\Program Files\WorldAntiSpy\unicows.dll
C:\Program Files\WorldAntiSpy\unins000.dat
C:\Program Files\WorldAntiSpy\unins000.exe
C:\Program Files\WorldAntiSpy\WorldAntiSpy.exe
C:\Program Files\WorldAntiSpy\WorldAntiSpy.ico
C:\Spyware Remover.url
C:\WINDOWS\All Users\Desktop\Blowjob.url
C:\WINDOWS\All Users\Desktop\Car Insurance.url
C:\WINDOWS\All Users\Desktop\Cigarettes Discount.url
C:\WINDOWS\All Users\Desktop\Credit Card.url
C:\WINDOWS\All Users\Desktop\Forex Trading.url
C:\WINDOWS\All Users\Desktop\Free Ringtones.url
C:\WINDOWS\All Users\Desktop\Gift Ideas.url
C:\WINDOWS\All Users\Desktop\Group Sex.url
C:\WINDOWS\All Users\Desktop\Home Loan.url
C:\WINDOWS\All Users\Desktop\Mp3 Download.url
C:\WINDOWS\All Users\Desktop\Online Casino.url
C:\WINDOWS\All Users\Desktop\Online Dating.url
C:\WINDOWS\All Users\Desktop\Phentermine.url
C:\WINDOWS\All Users\Desktop\Play Poker.url
C:\WINDOWS\All Users\Desktop\PopUp Blocker.url
C:\WINDOWS\All Users\Desktop\Porn Dvd.url
C:\WINDOWS\All Users\Desktop\Real Estate.url
C:\WINDOWS\All Users\Desktop\Sport Betting.url
C:\WINDOWS\All Users\Desktop\Spyware Remover.url
C:\WINDOWS\All Users\Desktop\Texas Holdem.url
C:\WINDOWS\All Users\Desktop\Viagra.url
C:\WINDOWS\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Quick Launch\WorldAntiSpy.lnk
C:\WINDOWS\Application Data\Skinux\WORLDANTISPY\Profile.xml
C:\WINDOWS\APPLOG\MSPAINT.LGC
C:\WINDOWS\APPLOG\NOTEPAD.LGC
C:\WINDOWS\APPLOG\WORC.LGC
C:\WINDOWS\desktop.html
C:\WINDOWS\Desktop\hijackthis.log
C:\WINDOWS\Desktop\WorldAntiSpy.lnk
C:\WINDOWS\Downloaded Program Files\swflash.inf
C:\WINDOWS\Favorieten\HELP\Protecus Security - News, Forum und Anleitungen.url
C:\WINDOWS\Favorieten\HELP\Protecus Security Forum.url
C:\WINDOWS\Favorieten\ImageShack® - Hosting.url
C:\WINDOWS\flag.bla
C:\WINDOWS\Start Menu\Programma's\Opstarten\WorldAntiSpy.lnk
C:\WINDOWS\Start Menu\Programma's\WorldAntiSpy\Uninstall WorldAntiSpy.lnk
C:\WINDOWS\Start Menu\Programma's\WorldAntiSpy\WorldAntiSpy.lnk
C:\WINDOWS\SYSTEM\65975.exe
C:\WINDOWS\SYSTEM\75869.exe
C:\WINDOWS\SYSTEM\81879.exe
C:\WINDOWS\SYSTEM\birdihuy.dll
C:\WINDOWS\SYSTEM\birdihuy32.dll
C:\WINDOWS\SYSTEM\ergergt55ytf.y5r
C:\WINDOWS\SYSTEM\kempersoi32.dll
C:\WINDOWS\SYSTEM\MACROMED\FLASH\Flash8.ocx
C:\WINDOWS\SYSTEM\MACROMED\FLASH\GetFlash.exe
C:\WINDOWS\SYSTEM\oleext.dll
C:\WINDOWS\SYSTEM\performent003.dll
C:\WINDOWS\SYSTEM\zlokdfs9.leo
C:\WINDOWS\SYSTEM\zolker010.dll
C:\WINDOWS\SYSTEM\ztoolb010.dll
C:\WINDOWS\SYSTEM32\shdocnv.dll
C:\WINDOWS\SYSTEM32\svcnv.exe

Dateisystem: Gelöschte Dateien
--------------------------------------------------
C:\WINDOWS\APPLOG\IEXPLORE.LGC

Dateisystem: Veränderte Dateien
--------------------------------------------------
C:\WINDOWS\WININIT.BAK
C:\WINDOWS\WIN386.SWP
C:\WINDOWS\WIN.INI
C:\WINDOWS\WAVEMIX.INI
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM.INI
C:\WINDOWS\SchedLog.Txt
C:\WINDOWS\POWERPNT.INI
C:\WINDOWS\NDISLOG.TXT
C:\WINDOWS\INF\SWFLASH.INF
C:\WINDOWS\History\History.IE5\MSHist012005092220050923\index.dat
C:\WINDOWS\History\History.IE5\index.dat
C:\WINDOWS\APPLOG\APPLOG.ind
C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk

Registry: Hinzugekommene Schlüssel
--------------------------------------------------
HKEY_USERS\.DEFAULT\Software\Macromedia\FlashPlayer
HKEY_USERS\.DEFAULT\Software\Microsoft\Command Processor
HKEY_USERS\.DEFAULT\Software\Microsoft\Office
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Common
HKEY_USERS\.DEFAULT\Software\Microsoft\Office\Common\Assistant
HKEY_USERS\.DEFAULT\Software\Microsoft\WAB
HKEY_USERS\.DEFAULT\Software\Microsoft\WAB\WAB4
HKEY_USERS\.DEFAULT\Software\Microsoft\WAB\WAB4\Wab File Name
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Colors
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Bar0
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Bar1
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Bar2
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Bar3
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Bar4
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\General-Summary
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Settings
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Text
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\View
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\IP
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Options
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\RTF
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Settings
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Text
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Word6
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Write
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\CLASSES\.mfp
HKEY_LOCAL_MACHINE\Software\CLASSES\.sol
HKEY_LOCAL_MACHINE\Software\CLASSES\.sor
HKEY_LOCAL_MACHINE\Software\CLASSES\Applications\.exe
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9C5875B8-93F3-429D-FF34-660B206D897A}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9C5875B8-93F3-429D-FF34-660B206D897A}\InProcServer32
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\MiscStatus
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ProxyStubClsid
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\TypeLib
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\CLSID
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell\open
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.6
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.6\CLSID
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.7
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.7\CLSID
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.8
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.8\CLSID
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\0
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\0\win32
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\FLAGS
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\Contains
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\DownloadInformation
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\InstalledVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Contains
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InstalledVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\DownloadManager
HKEY_LOCAL_MACHINE\Software\Microsoft\General
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\checkboxes
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\strings
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\textinputs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000535-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db\http://board.protecus.de/login.php:StringData
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db\http://board.protecus.de/login.php:StringIndex
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db\q:StringData
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\argus\Data\e161255a-37c3-11d2-bcaa-00c04fd929db\e161255a-37c3-11d2-bcaa-00c04fd929db\q:StringIndex
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime\Servers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9C5875B8-93F3-429D-FF34-660B206D897A}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B75F75B8-93F3-429D-FF34-660B206D897A}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\MyComputer\BackupPath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\MyComputer\ChkDskPath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\MyComputer\DefragPath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\StandardProfile
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Log
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\UpdateOptions
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\UpdateOptions\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\UpdateOptions\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\UpdateOptions\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\UpdateOptions\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\checkboxes
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\textinputs
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Quarantine
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Scanner
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc

Registry: Gelöschte Schlüssel
--------------------------------------------------

Registry: Hinzugekommene Werte
--------------------------------------------------
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\dkfibjjcnlplceoibcppeenjdjafgeia iojijpakbfpjmhninkoiekhhceonllgf="Macromedia, Inc."»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\.mfp\@="MacromediaFlashPaper.MacromediaFlashPaper"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\.mfp\Content Type="application/x-shockwave-flash"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\.sol\Content Type="text/plain"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\.sor\Content Type="text/plain"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}\Bin="6F,93,60,6F,81,89,84,7D,74,73,6E,70"»Binary«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}\IT="-1127395968"»dWord«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}\No="1"»dWord«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9C5875B8-93F3-429D-FF34-660B206D897A}\InProcServer32\@="C:\WINDOWS\SYSTEM\PERFORMENT003.DLL"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{9C5875B8-93F3-429D-FF34-660B206D897A}\InProcServer32\ThreadingModel="Apartment"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32\@="C:\WINDOWS\SYSTEM\ZOLKER010.DLL"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A}\InProcServer32\ThreadingModel="Apartment"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\MiscStatus\@="32"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32\@="C:\WINDOWS\SYSTEM\birdihuy32.dll"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}\InProcServer32\ThreadingModel="Apartment"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\@="ISimpleTextSelection"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid\@="{00020424-0000-0000-C000-000000000046}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\ProxyStubClsid32\@="{00020424-0000-0000-C000-000000000046}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib\@="{57A0E746-3863-4D20-A811-950C84F1DB9B}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{307F64C0-621D-4D56-BBC6-91EFC13CE40D}\TypeLib\Version="1.0"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\@="IFlashAccessibility"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ProxyStubClsid\@="{00020424-0000-0000-C000-000000000046}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\ProxyStubClsid32\@="{00020424-0000-0000-C000-000000000046}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\TypeLib\@="{57A0E746-3863-4D20-A811-950C84F1DB9B}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{57A0E747-3863-4D20-A811-950C84F1DB9B}\TypeLib\Version="1.0"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\@="Macromedia Flash Paper"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\CLSID\@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\DefaultIcon\@="C:\PROGRA~1\INTERN~1\iexplore.exe,1"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command\@=""C:\PROGRA~1\INTERN~1\iexplore.exe" -nohome "%1""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.6\@="Shockwave Flash Object"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.6\CLSID\@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.7\@="Shockwave Flash Object"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.7\CLSID\@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.8\@="Shockwave Flash Object"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash.8\CLSID\@="{D27CDB6E-AE6D-11cf-96B8-444553540000}"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\@="FlashAccessibility"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\0\win32\@="C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX\2"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\FLAGS\@="0"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{57A0E746-3863-4D20-A811-950C84F1DB9B}\1.0\HELPDIR\@="C:\WINDOWS\SYSTEM\MACROMED\FLASH\"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\Installer="MSICD"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\SystemComponent="0"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\DownloadInformation\CODEBASE="mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{11010101-1001-1111-1000-110112345678}\InstalledVersion\@="0,0,0,1"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Installer="MSICD"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\SystemComponent="0"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation\CODEBASE="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation\INF="C:\WINDOWS\Downloaded Program Files\swflash.inf"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InstalledVersion\@="8,0,22,0"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\InstalledVersion\LastModified="Tue, 13 Sep 2005 00:21:53 GMT"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\@="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\BeginInitReportSent="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\FirstLaunchReportSent="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\HardwareIDReportSent="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\ScanStartedReportSent="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\General\Reports\Options\Reports\flags\ScanStoppedReportSent="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000535-0000-0010-8000-00AA006D2EA4}\Compatibility Flags="1024"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{00000566-0000-0010-8000-00AA006D2EA4}\Compatibility Flags="1024"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{13709620-C279-11CE-A49E-444553540000}\Compatibility Flags="1024"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}\Compatibility Flags="0"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\CLSID="{B75F75B8-93F3-429D-FF34-660B206D897A}"»String«
__________
Best regards, Argus
22.09.2005, 16:14
Honorary member
Thread starter
Argus

Posts: 6028
#3
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\AntiVirusDisableNotify="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\AntiVirusOverride="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallOverride="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\UpdatesDisableNotify="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents\flash="application/x-shockwave-flash"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Fast Search="C:\WINDOWS\system32\svcnv.exe home"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DDE="{F33812FB-F35C-4674-90F6-FD757C419C51}"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!!\DisplayName="Best Search Engine!!!"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!!\UninstallString="Rundll32.exe C:\WINDOWS\SYSTEM\ZOLKER010.DLL, DllUnregisterServer"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\DisplayName="Macromedia Flash Player 8"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\DisplayVersion="8"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\HelpLink="http://www.macromedia.com/go/flashplayer_support/"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\Publisher="Macromedia"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\UninstallString="RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\URLUpdateInfo="http://www.macromedia.com/go/flashplayer/"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\VersionMajor="8"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash\VersionMinor="0"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\DisplayName="WorldAntiSpy.com"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\HelpLink="http://www.WorldAntiSpy.com/support"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: App Path="C:\Program Files\WorldAntiSpy"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: Deselected Tasks=""»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: Icon Group="WorldAntiSpy"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: Selected Tasks="desktopicon,quicklaunchicon"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: Setup Version="5.1.4"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Inno Setup: User="Argus"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\InstallLocation="C:\Program Files\WorldAntiSpy\"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\NoModify="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\NoRepair="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\Publisher="WorldAntiSpy.com"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\QuietUninstallString=""C:\Program Files\WorldAntiSpy\unins000.exe" /SILENT"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\UninstallString=""C:\Program Files\WorldAntiSpy\unins000.exe""»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\URLInfoAbout="http://www.WorldAntiSpy.com"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WorldAntiSpy.com_is1\URLUpdateInfo="http://www.WorldAntiSpy.com/updates"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\AUOptions="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2="1"»dWord«
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall="0"»dWord«
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Version="1.3.3 b3060(kva00)"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Log\LogFilePath="C:\PROGRAM FILES\WORLDANTISPY\Log\was.log"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\SnapshotFolder="C:\PROGRAM FILES\WORLDANTISPY\Monitor\Snapshot"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Command Processor\AutoRun="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Actions\hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword="Query"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Command Processor\AutoRun="{abf8c820-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\@="{abf8c821-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\@="{abf8c822-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Page_URL="{abf8c823-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Default_Search_URL="{abf8c824-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Local Page="{abf8c825-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Bar="{abf8c826-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Search Page="{abf8c827-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\Main\Start Page="{abf8c828-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL="{abf8c829-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Internet Explorer\SearchURL\@="{abf8c82a-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Office\Common\Assistant\AssFile="{abf8c82b-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Office\Common\Assistant\CurAssFile="{abf8c82c-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\WAB\WAB4\Wab File Name\@="{abf8c82d-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell="{abf8c82e-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePasswordCaching="{abf8c82f-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable="{abf8c830-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer="{abf8c831-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell="{abf8c832-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Run\@="{abf8c835-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnce\@="{abf8c834-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@="{abf8c833-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFileNew="{abf8c836-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_current_user\Software\Policies\Microsoft\Windows\Installer\DisableMedia="{abf8c837-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Page_URL="{abf8c843-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Default_Search_URL="{abf8c844-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Local Page="{abf8c845-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Bar="{abf8c846-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Search Page="{abf8c847-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\Main\Start Page="{abf8c848-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL="{abf8c849-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Internet Explorer\SearchURL\@="{abf8c84a-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\UIHost="{abf8c838-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows Script Host\Settings\Enabled="{abf8c84b-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\@="{abf8c839-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath\@="{abf8c83a-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\ChkDskPath\@="{abf8c83b-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\CleanupPath\@="{abf8c83c-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath\@="{abf8c83d-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching="{abf8c83e-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\HideSharePwds="{abf8c83f-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run\@="{abf8c84e-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnce\@="{abf8c84d-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\@="{abf8c84c-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoAdminLogon="{abf8c84f-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\AutoLogonCount="{abf8c850-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultDomainName="{abf8c851-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultPassword="{abf8c852-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Winlogon\DefaultUserName="{abf8c853-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\Software\Policies\Microsoft\Windows\Installer\DisableMSI="{abf8c854-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot="{abf8c840-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown="{abf8c841-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Monitor\Snapshot\hkey_local_machine\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword="{abf8c842-2b7f-11da-a712-0050bf961a0f}"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes\CH_UPDATE_AUTHENTIFICATE="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\checkboxes\CH_UPDATE_USE_PROXY="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs\TI_UPDATE_PROXY_IP=""»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs\TI_UPDATE_PROXY_PASS=""»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs\TI_UPDATE_PROXY_PORT=""»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\ConnectionSettings\textinputs\TI_UPDATE_PROXY_USER=""»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_BHO="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_DEFAULT_INTERNET_APPLICATIONS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_DEFAULT_PAGES="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_DIALUP_SETTINGS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_DNS_SETTINGS="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_ENABLED="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_GATEWAY="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_HANDLERS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_INTERNET_EXPLORER="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_MIME_FILTERS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_NAMESPACE_HANDLERS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_NETWORK_CONNECTIONS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_PASSWORD_CACHING="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_PROTOCOLS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_PROXY_SETTINGS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\IEShield\checkboxes\CH_ISH_TOOLBARS="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_APPLICATION_ALIASES="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_AUTOMATIC_LOGON="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_COM_COMPONENTS_REGISTRATION="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_CONTEXT_MENUS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_DEFAULT_RULE_FOR_IE_SUBKEYS="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_DISK_CLEAR="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_ENABLED="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_PAGE_FILE_CLEARING="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_PASSWORD_CACHING_REMOVE="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_PREPROCESSOR_BEFORE_COMMAND_LINE="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_SET_SHELL="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_STARTUP="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_SYSTEM_AUTO_REBOOT="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_TIME_SINCHRONIZATION="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_WINDOWS_INSTALLER="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\PCShield\checkboxes\CH_SH_WINDOWS_SCRIPTING="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes\CHK_OPTIONS_MINIMIZEONSTART="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes\CHK_OPTIONS_SCAN_ON_STARTUP="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes\CHK_OPTIONS_SILENT_STARTUP="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Preferences\checkboxes\CHK_OPTIONS_START_ON_STARTUP="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\CHK_SCAN_BACKGROUND="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_DEPTH_DEEP="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_DEPTH_NORM="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_DEPTH_QUICK="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_PRI_HIGH="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_PRI_LOW="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Scan\checkboxes\R_SCAN_PRI_NORM="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes\CH_UPDATE_AUTHENTIFICATE="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes\CH_UPDATE_ENABLE_AUTO="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\checkboxes\CH_UPDATE_USE_PROXY="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\Update\textinputs\TI_UPDATE_TIMEOUT="3"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags\aid="43"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags\initialized="1"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\flags\registered="0"»dWord«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\baseUpdated="---"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\cookiesDetected="0"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\cookiesScanned="0"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\coreUpdated="---"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\fileDetected="0"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\fileScanned="0"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\lastScanned="September 22, 2005 at 3:48:32 PM"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\memDetected="0"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\memScanned="20"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\regDetected="3"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\options\WASOptions\strings\regScanned="115263"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Quarantine\QuarantineFolder="C:\PROGRAM FILES\WORLDANTISPY\Quarantine"»String«
HKEY_LOCAL_MACHINE\Software\WorldAntiSpy.com\Scanner\Base="C:\PROGRAM FILES\WORLDANTISPY\Scanner\Base\Base.dat"»String«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\Known16DLLs\AVICAP.DLL="AVICAP.DLL"»String«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc\Start="4"»dWord«

Registry: Gelöschte Werte
--------------------------------------------------

Registry: Veränderte Werte
--------------------------------------------------
HKEY_USERS\.DEFAULT\Software\Nico Mak Computing\WinZip\WinZip
Value "Quick Pick Window Handle": from "536" to "340"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Applications\Notepad.exe\shell
Value "FriendlyCacheCTime": from "5F,16,E8,BF,60,A5,9A,C2" to "5F,16,E8,BF,F0,86,89,C1"»Binary«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\DefaultIcon
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE,1" to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE,1"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{73FDDC80-AEA9-101A-98A7-00AA00374959}\LocalServer32
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE" to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX, 1" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX, 1"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX, 1" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX, 1"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\DefaultIcon
Value "@": from "C:\WINDOWS\SYSTEM\cool.dll,41" to "C:\PROGRA~1\ACCESS~1\MSPAINT.EXE,1"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\LocalServer32
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE" to "C:\PROGRA~1\ACCESS~1\MSPAINT.EXE"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}
Value "@": from "DShockwaveFlashEvents" to "_IShockwaveFlashEvents"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Paint.Picture\protocol\StdFileEditing\server
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE" to "C:\PROGRA~1\ACCESS~1\MSPAINT.EXE"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Paint.Picture\shell\open\command
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE "%1"" to ""C:\PROGRA~1\ACCESS~1\MSPAINT.EXE" "%1""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Paint.Picture\shell\print\command
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE /p "%1"" to ""C:\PROGRA~1\ACCESS~1\MSPAINT.EXE" /p "%1""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Paint.Picture\shell\printto\command
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE /pt "%1" "%2" "%3" "%4"" to ""C:\PROGRA~1\ACCESS~1\MSPAINT.EXE" /pt "%1" "%2" "%3" "%4""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\PBrush\protocol\StdFileEditing\server
Value "@": from "C:\PROGRA~1\Access~1\MSPAINT.EXE" to "C:\PROGRA~1\ACCESS~1\MSPAINT.EXE"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\ShockwaveFlash.ShockwaveFlash\CurVer
Value "@": from "ShockwaveFlash.ShockwaveFlash.1" to "ShockwaveFlash.ShockwaveFlash.8"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32
Value "@": from "C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX" to "C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8.OCX"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Wordpad.Document.1\Protocol\StdFileEditing\Server
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE" to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE"»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Wordpad.Document.1\shell\open\command
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE "%1"" to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE "%1""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Wordpad.Document.1\shell\print\command
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE /p "%1"" to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE /p "%1""»String«
HKEY_LOCAL_MACHINE\Software\CLASSES\Wordpad.Document.1\shell\printto\command
Value "@": from "C:\Progra~1\Access~1\WORDPAD.EXE /pt "%1" "%2" "%3" "%4" " to "C:\PROGRA~1\ACCESS~1\WORDPAD.EXE /pt "%1" "%2" "%3" "%4""»String«
HKEY_LOCAL_MACHINE\Software\Description\Microsoft\Rpc\UuidPersistentData
Value "LastTimeAllocated": from "60,32,D1,4F,7C,2B,DA,01" to "A0,5E,91,AC,7F,2B,DA,01"»Binary«
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
Value "@": from "Macromedia Flash-speler" to "Macromedia Flash Player 8"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
Value "IsInstalled": from "1" to "01,00,00,00"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
Value "Version": from "5,0,44,0" to "8.0.22.0"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectDraw\MostRecentApplication
Value "ID": from "924266219" to "1030619695"»dWord«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Value "@": from "C:\WINDOWS\TEMP\hijackthis.exe" to "C:\WINDOWS\DESKTOP\hijackthis.exe"»String«
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Value "Path": from "C:\WINDOWS\TEMP" to "C:\WINDOWS\DESKTOP"»String«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Power
Value "AcPolicy": binary data changed
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Power
Value "DcPolicy": binary data changed
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Shutdown
Value "SetupProgramRan": from "1" to "2"»dWord«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP
Value "010050BF961A0F": binary data changed
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "Lease": from "7F,33,06,00" to "41,2E,06,00"»Binary«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "LeaseObtainedTime": from "F7,23,64,30" to "36,29,64,30"»Binary«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "LeaseTerminatesTime": from "76,57,6A,30" to "77,57,6A,30"»Binary«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "OptionInfo": binary data changed
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "T1": from "B6,3D,67,30" to "56,40,67,30"»Binary«
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00
Value "T2": from "F6,19,69,30" to "03,1B,69,30"»Binary«
--------------------------------------------------
W.O.R.C. Systemänderungsbericht Ende

Am I happy now? lol
__________
Regards, Argus
22.09.2005, 16:47
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#4 smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Dating.lnk


~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~


oleext.dll


~~~ Icons in system folder ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll INFECTED!! ;)

http://img290.imageshack.us/my.php?image=smitfraud1ta.png
__________
Regards, Argus
This post was edited on 22.09.2005 at 17:24 by Arnold.
22.09.2005, 21:10
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#5 When the infected data is removed with Killbox,
it is added back under !Submit
http://img23.imageshack.us/my.php?image=submit1tp.png

Panda ActiveScan
Spyware/smitfraud -C:\WINDOWS\SYSTEM\OLEEXT.DLL No disinfected
Virus:W32/Smitfraud.D -Operating system Disinfected
Adware:adware/adsmart -C:\WINDOWS\TEMP\pi.sys No disinfected
Spyware/smitfraud -C:\WINDOWS\SYSTEM\oleext.dll No disinfected
Adware/antivirus-gold -C:\WINDOWS\desktop.html No disinfected
Adware:adware program -C:\WINDOWS\flag.bla No disinfected
Adware:adware/psguard -Windows Registry No disinfected
Virus:W32/Smitfraud.D -C:\WINDOWS\SYSTEM\WININET.DLL Disinfected

Spy Sweeper
http://img231.imageshack.us/my.php?image=spysweeper18kf.png
__________
Regards, Argus
This post was edited on 23.09.2005 at 00:59 by Arnold.
22.09.2005, 23:58
Honorary member
Avatar Sabina

Posts: 29434
#6 Open C:\WINDOWS\WININIT.BAK and post what it contains ;)
__________
Regards, Sabina

all about PC security
23.09.2005, 01:02
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#7 [rename]
C:\AUTOEXEC.BAT=C:\AUTOEXEC.PAV
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\51F0.TMP
__________
Regards, Argus
23.09.2005, 01:31
Honorary member
Avatar Sabina

Posts: 29434
#8 Go ahead and risk it: delete it, but first download a clean WININET.DLL, which you then copy into System. I'm curious whether that works out ;)

C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\51F0.TMP
__________
Regards, Sabina

All about PC security
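
The [rename] entries posted in #7, parsed as an added example (not part of the thread or of any tool mentioned in it): on Windows 9x each line reads destination=source and is applied at the next boot, after which WININIT.INI is kept as WININIT.BAK. The directory and extension lists and the NUL line are assumptions for illustration; a flagged entry only says that a system binary was swapped at boot, not whether malware or a cleanup tool queued it.

```python
import ntpath

# Contents of C:\WINDOWS\WININIT.BAK as posted in #7 of this thread.
POSTED_WININIT_BAK = r"""[rename]
C:\AUTOEXEC.BAT=C:\AUTOEXEC.PAV
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\51F0.TMP
"""

# Constructed line (not from the thread) showing the delete form NUL=<file>.
CONSTRUCTED_DELETE = "NUL=C:\\WINDOWS\\TEMP\\EXAMPLE.OLD\n"

# Assumed review scope: directories and extensions worth a second look.
SYSTEM_DIRS = (r"C:\WINDOWS\SYSTEM", r"C:\WINDOWS\SYSTEM32", r"C:\WINDOWS")
BINARY_EXT = {".DLL", ".EXE", ".OCX", ".VXD", ".DRV", ".386"}


def parse_rename_section(text):
    """Return (destination, source) pairs from the [rename] section."""
    pairs, in_rename = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and INI comments
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            pairs.append((dest.strip(), src.strip()))
    return pairs


def classify(dest, src):
    """Label one boot-time operation for triage."""
    if dest.upper() == "NUL":
        return "delete"  # NUL=<file> removes <file> at boot
    dest_dir, dest_name = ntpath.split(dest.upper())
    ext = ntpath.splitext(dest_name)[1]
    if dest_dir in SYSTEM_DIRS and ext in BINARY_EXT:
        # A system binary was overwritten at boot by another file:
        # verify the resulting file against a known-clean copy.
        return "system-binary-replaced"
    return "rename"


def triage(text):
    """Classify every [rename] entry, keeping destination and source."""
    return [(classify(d, s), d, s) for d, s in parse_rename_section(text)]


if __name__ == "__main__":
    for verdict, dest, src in triage(POSTED_WININIT_BAK + CONSTRUCTED_DELETE):
        print(f"{verdict:24} {src} -> {dest}")
```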
23.09.2005, 01:44
Member
Avatar Gool

Posts: 4730
#9 Couldn't we also agree that WORC reports be put online as a text file, since the postings otherwise get miles long and not everything fits into _one_ posting anyway?

btw, since you're pouncing on wininit.bak like that... is it normal that

C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.INI

get modified? I don't think so. Maybe one should risk a look inside those too, right?
__________
This is a signature! Personal service: You're from Berlin? Then get in touch with me by PM, we may be able to arrange an appointment.
The gravestone pusher
23.09.2005, 09:32
Honorary member
Avatar Sabina

Posts: 29434
#10

Quote

Managor posted
Couldn't we also agree that WORC reports be put online as a text file, since the postings otherwise get miles long and not everything fits into _one_ posting anyway?

btw, since you're pouncing on wininit.bak like that... is it normal that

C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.INI

get modified? I don't think so. Maybe one should risk a look inside those too, right?
you're right on all points ;)

Arnold, do you have webspace? If not, I'll upload the file; I'm just waiting for your answer.

and also check C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.INI
__________
Regards, Sabina

All about PC security
23.09.2005, 11:26
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#11 You're too late, I used CCleaner
the wininit.bak is gone
As for webspace, I'll take care of it
SmitRem says my wininet.dll is clean
eSvan AV finds nothing, nor does ActiveScan

One more thing about the infection:
I had to re-enter the Ethernet adapter settings; I got a DNS error
"Server could not be found"
When I connected my XP machine to the modem again, the IP address had to be renewed.
So both of them feel the effects of the infection

I also deactivated "Active Desktop" and will let this old machine get infected again this afternoon and see what happens
When I activate Active Desktop, the desktop icons do nothing

@Sabina
And by the way, my XP machine has NEVER been infected either ;)
__________
Regards, Argus
23.09.2005, 12:48
Honorary member
Avatar Sabina

Posts: 29434
#12 @Sabina

Quote

And by the way, my XP machine has NEVER been infected either
why are you writing that??? Did I say something wrong somewhere?
__________
Regards, Sabina

All about PC security
24.09.2005, 15:56
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#13 Infected again this morning
This weekend I can now do online sports betting,
play a little online casino game, and if no money is won I can buy Prozac online to calm down lol
And of course buy an anti-spyware program ;)
In general everything stays the same: red background and the Smitfraud infection
Logfile of HijackThis v1.99.1
Scan saved at 9:17:26, on 24-9-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\SVCNVT.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\WORC\WORC.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\ZOLKER010.DLL
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\PERFORMENT003.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [Mscc] "C:\WINDOWS\SYSTEM\2570199.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

DatFind.bat
Het volume in station C heeft geen naam.
Het volumenummer is 3D26-13D8
Map van C:\.

SYS TXT 0 24-09-05 9:10 sys.txt
SYSTEM TXT 12.906 24-09-05 9:10 system.txt
SYSTEM~1 TXT 376 24-09-05 9:10 systemtemp.txt
SYSTEM32 TXT 438 24-09-05 9:10 system32.txt
SCANDISK LOG 548 24-09-05 9:03 SCANDISK.LOG
SPYWAR~1 URL 142 24-09-05 8:19 Spyware Remover.url
POPUPB~1 URL 140 24-09-05 8:19 PopUp Blocker.url

Het volume in station C heeft geen naam.
Het volumenummer is 3D26-13D8
Map van C:\WINDOWS.

WIN386 SWP 50.331.648 24-09-05 9:10 WIN386.SWP
USER DAT 311.328 24-09-05 9:07 USER.DAT
SYSTEM DAT 3.346.464 24-09-05 9:04 SYSTEM.DAT
SCHEDLOG TXT 3.148 24-09-05 9:03 SchedLog.Txt
SYSTEM INI 1.947 24-09-05 9:03 SYSTEM.INI
WAVEMIX INI 54 24-09-05 9:03 WAVEMIX.INI
POWERPNT INI 60 24-09-05 9:03 POWERPNT.INI
NDISLOG TXT 0 24-09-05 9:03 NDISLOG.TXT
ZSETTI~1 DLL 926 24-09-05 8:20 zsettings.dll
WININIT BAK 100 24-09-05 8:18 WININIT.BAK
FLAG BLA 2 24-09-05 8:18 flag.bla
DESKTO~1 HTM 2.116 24-09-05 8:18 desktop.html

Het volume in station C heeft geen naam.
Het volumenummer is 3D26-13D8
Map van C:\WINDOWS\SYSTEM32.

SHDOCNVT DLL 12.288 24-09-05 8:18 shdocnvt.dll
SVCNVT EXE 25.600 24-09-05 8:17 svcnvt.exe

Het volume in station C heeft geen naam.
Het volumenummer is 3D26-13D8
Map van C:\WINDOWS\TEMP.

SYSTEM BAT 174 24-09-05 9:03 System.bat
SETUP EXE 3.784.816 24-09-05 8:29 setup.exe

Panda ActiveScan
Incident Status Location

Virus:Trj/Zhenya.A Disinfected C:\WINDOWS\SYSTEM\birdihuy32.dll
Spyware:spyware/smitfraud No disinfected C:\WINDOWS\SYSTEM\oleext.dll
Virus:W32/Smitfraud.D Disinfected C:\WINDOWS\SYSTEM\WININET.DLL
Adware:Adware/AzeSearch No disinfected C:\WINDOWS\SYSTEM\zolker010.dll
Virus:Trj/Downloader.EGR Disinfected C:\WINDOWS\SYSTEM\performent003.dll
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\svcnvt.exe
Adware:adware/adsmart No disinfected C:\WINDOWS\TEMP\pi.sys
Adware:Adware/AzeSearch No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[2502875.exe]
Virus:Trj/Downloader.EGR Disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[2553288.exe]
Adware:Adware/AzeSearch No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[2557986.exe]
Adware:Adware/Tubby No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[2613712.exe]
Adware:Adware/Tubby No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[2624785.exe]
Virus:Trj/Zhenya.A Disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[birdihuy32.dll]
Virus:Trj/Downloader.EGR Disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[performent003.dll]
Adware:Adware/AzeSearch No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[zolker010.dll]
Adware:Adware/AzeSearch No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[ztoolb010.dll]
Possible Virus. No disinfected C:\Program Files\Worc\Backup\24-9-05101836.bak[svcnvt.exe]

So I removed WORC
These warnings also show up for HJ backups when you use certain virus scanners

And the contents of Index.dat, then you know what's going on in the machine


That's why I have to use "Hoster" to "restore" the hosts file

Also under Downloaded Program Files
{D27CDB6E-AE6D-11CF-96B8-444553540000}
Macromedia Flash Player removed, version 8.0.22.0
Installed it again, now it says
Shockwave Flash Object
You can't simply remove this object; you first have to remove the "Flash" file under
C:\Windows\System\Macromed


Now used Cleanup! as the cleaner

@Sabina
If the Index.dat stuff is too dangerous, remove it
__________
Regards, Argus
24.09.2005, 22:25
Honorary member
Avatar Sabina

Posts: 29434
#14

Quote

If the Index.dat stuff is too dangerous, remove it
nah, it's not dangerous, I very much hope nobody clicks on those ;)

???????????

C:\WINDOWS\WININIT.BAK
C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.INI

if you win something at the casino game, send some over to Lisbon ;)...just that please, I discreetly skipped over the rest ;)

when will you have webspace? should I upload everything already?
__________
Regards, Sabina

All about PC security
26.09.2005, 20:26
Honorary member
Thread starter
Avatar Argus

Posts: 6028
#15 Who can change the title "WorldAntiSpy" to 502 EPA Warning, because that is the start page caused by
"res://C:\WINDOWS\system32\shdocnv.dll/warningAPI.htm#ID=MS038005;BGW
You can also view the start page at http://205.177.122.27/securityAPI.dll?xC02 don't be alarmed!

Last night I let myself get infected once more on a p**** site (a different one)
PSGuard was installed along with it
There is nothing about PSGuard in the HJ log
I also have a proper WORC log, not as big as the other one

Logfile of HijackThis v1.99.1
Scan saved at 1:36:43, on 26-9-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocnvt.dll/warningAPI.htm#IDxMS;230905;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Taakcontrole] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Fast Home] C:\WINDOWS\system32\svcnvt.exe home
O4 - HKLM\..\Run: [Mscc] "C:\WINDOWS\SYSTEM\3292227.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

W.O.R.C. Systemänderungsbericht
Erstellt: 26-9-05 1:56:44

Dateisystem: Hinzugekommene Verzeichnisse
--------------------------------------------------
C:\Program Files\PSGuard\
C:\WINDOWS\Desktop\backups\
C:\WINDOWS\History\History.IE5\MSHist012005091920050926\
C:\WINDOWS\History\History.IE5\MSHist012005092620050927\

Dateisystem: Gelöschte Verzeichnisse
--------------------------------------------------
C:\WINDOWS\History\History.IE5\MSHist012005092520050926\

Dateisystem: Hinzugekommene Dateien
--------------------------------------------------
C:\PopUp Blocker.url
C:\Program Files\PSGuard\Core.dll
C:\Program Files\PSGuard\Localization.dll
C:\Program Files\PSGuard\msvcp71.dll
C:\Program Files\PSGuard\msvcr71.dll
C:\Program Files\PSGuard\PSGuard.exe
C:\Program Files\PSGuard\WndSystem.dll
C:\Spyware Remover.url
C:\WINDOWS\All Users\Desktop\Blowjob.url
C:\WINDOWS\All Users\Desktop\Car Insurance.url
C:\WINDOWS\All Users\Desktop\Cigarettes Discount.url
C:\WINDOWS\All Users\Desktop\Credit Card.url
C:\WINDOWS\All Users\Desktop\Forex Trading.url
C:\WINDOWS\All Users\Desktop\Free Ringtones.url
C:\WINDOWS\All Users\Desktop\Gift Ideas.url
C:\WINDOWS\All Users\Desktop\Group Sex.url
C:\WINDOWS\All Users\Desktop\Home Loan.url
C:\WINDOWS\All Users\Desktop\Mp3 Download.url
C:\WINDOWS\All Users\Desktop\Online Casino.url
C:\WINDOWS\All Users\Desktop\Online Dating.url
C:\WINDOWS\All Users\Desktop\Phentermine.url
C:\WINDOWS\All Users\Desktop\Play Poker.url
C:\WINDOWS\All Users\Desktop\PopUp Blocker.url
C:\WINDOWS\All Users\Desktop\Porn Dvd.url
C:\WINDOWS\All Users\Desktop\Real Estate.url
C:\WINDOWS\All Users\Desktop\Sport Betting.url
C:\WINDOWS\All Users\Desktop\Spyware Remover.url
C:\WINDOWS\All Users\Desktop\Texas Holdem.url
C:\WINDOWS\All Users\Desktop\Viagra.url
C:\WINDOWS\APPLOG\3292227.LGC
C:\WINDOWS\desktop.html
C:\WINDOWS\flag.bla
C:\WINDOWS\History\History.IE5\MSHist012005091920050926\index.dat
C:\WINDOWS\History\History.IE5\MSHist012005092620050927\index.dat
C:\WINDOWS\ShellIconCache
C:\WINDOWS\SYSBCKUP\rb004.cab
C:\WINDOWS\SYSTEM\3222750.exe
C:\WINDOWS\SYSTEM\3265037.exe
C:\WINDOWS\SYSTEM\3268216.exe
C:\WINDOWS\SYSTEM\3279741.exe
C:\WINDOWS\SYSTEM\3292227.exe
C:\WINDOWS\SYSTEM\3309997.exe
C:\WINDOWS\SYSTEM\3357730.exe
C:\WINDOWS\SYSTEM\3369217.exe
C:\WINDOWS\SYSTEM\3381239.exe
C:\WINDOWS\SYSTEM\birdihuy.dll
C:\WINDOWS\SYSTEM\birdihuy32.dll
C:\WINDOWS\SYSTEM\intell32.exe
C:\WINDOWS\SYSTEM\kfsdfksldfk.fgi
C:\WINDOWS\SYSTEM\oleext.dll
C:\WINDOWS\SYSTEM\p2hhr.bat
C:\WINDOWS\SYSTEM\phhr.bat
C:\WINDOWS\SYSTEM\zlokdfs9.leo
C:\WINDOWS\SYSTEM\ztoolb011.dll
C:\WINDOWS\SYSTEM32\shdocnvt.dll
C:\WINDOWS\SYSTEM32\svcnvt.exe
C:\WINDOWS\xslfdl9x.bat
C:\WINDOWS\zsettings.dll

Dateisystem: Gelöschte Dateien
--------------------------------------------------
C:\WINDOWS\History\History.IE5\MSHist012005092520050926\index.dat

Dateisystem: Veränderte Dateien
--------------------------------------------------
C:\WINDOWS\WININIT.BAK
C:\WINDOWS\WIN386.SWP
C:\WINDOWS\WAVEMIX.INI
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\SYSTEM\WININET.DLL
C:\WINDOWS\SYSTEM.INI
C:\WINDOWS\SYSTEM.CB
C:\WINDOWS\SchedLog.Txt
C:\WINDOWS\POWERPNT.INI
C:\WINDOWS\NDISLOG.TXT
C:\WINDOWS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\WINDOWS\History\History.IE5\index.dat
C:\WINDOWS\APPLOG\APPLOG.ind
C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
C:\WINDOWS\Application Data\Microsoft\HTML Help\hh.dat
C:\SCANDISK.LOG
C:\BOOTLOG.TXT
C:\BOOTLOG.PRV
--------------------------------------------------
W.O.R.C. Systemänderungsbericht Ende

Suddenly there was also a W98backup.cab under "My Documents"
Never knew that Win98se makes backups

Quote

C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.INI
both are in this cab file
__________
Regards, Argus
This post was edited by Arnold on 27.09.2005 at 01:11.