Rotes Kreuz und Spyaxe wie weiter..? |
||
---|---|---|
#0
| ||
11.12.2005, 23:51
Member
Themenstarter Beiträge: 18 |
||
|
||
12.12.2005, 00:23
Ehrenmitglied
Beiträge: 29434 |
#17
SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) suche smitfiles.txt und poste die Textdatei in den Thread __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
12.12.2005, 21:57
Member
Themenstarter Beiträge: 18 |
#18
smitRem © log file
version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ shopping ~~~ system32 folder ~~~ ld****.tmp mssearchnet.exe ncompat.tlb ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1656 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ shopping ~~~ system32 folder ~~~ mssearchnet.exe ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
|
|
||
13.12.2005, 00:56
Ehrenmitglied
Beiträge: 29434 |
#19
bam
deaktiviere die Systemwiederherstellung (XP) (dann aktiviere sie wieder) http://virus-protect.org/systemwiederherstellung.html scanne mit Kaspersky --> poste den scanbericht http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
13.12.2005, 21:27
Member
Themenstarter Beiträge: 18 |
#20
--------------------------------- Anti-Spyware session started ---------------------------------
'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' Program Startup Areas: Found 'wininet.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' Program Startup Areas: Found 'kernel32.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' Program Startup Areas: Found 'SpybotSD TeaTimer' in 'S-1-5-21-1409082233-1767777339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' Scanning is stopping... Scanning is stopping... --------------------------------- Anti-Spyware session started --------------------------------- |
|
|
||
14.12.2005, 11:39
Ehrenmitglied
Beiträge: 29434 |
#21
bam
mit der rechten Maustaste auf den Link klicken und aus dem Auswahlmenü, Ziel speichern unter -> Desktop wählen -> dann erscheint eine mcor.reg auf dem Bildschirm http://virus-protect.org/reg/mcor.reg boote in den abgesicherten modus und klicke auf die reg doppelt und fuege sie der Registry bei scanne mit etrust --> poste den scanbericht http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
17.12.2005, 14:18
Member
Themenstarter Beiträge: 18 |
#22
Sabina
Wie bereits gepostet, habe ich im abgesicherten Modus die mcor.reg nicht auf dem Desktop. Ich musste über das Laufwerk A: das mcor.reg der Registry beifügen. Adtech.de Tracking Cookie Tracking Cookie "Adtech.de" gefunden in: Cookie "intel@adtech[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@adtech[1].txt" Weitere Infos As1.falkag.de Tracking Cookie Tracking Cookie "As1.falkag.de" gefunden in: Cookie "intel@as1.falkag[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@as1.falkag[2].txt" Weitere Infos AtlasDMT.com Tracking Cookie Tracking Cookie "AtlasDMT.com" gefunden in: Cookie "intel@atdmt[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@atdmt[1].txt" Weitere Infos Citi.BridgeTrack Tracking Cookie Tracking Cookie "Citi.BridgeTrack" gefunden in: Cookie "intel@citi.bridgetrack[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@citi.bridgetrack[2].txt" Weitere Infos DoubleClick Tracking Cookie Tracking Cookie "DoubleClick" gefunden in: Cookie "intel@doubleclick[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@doubleclick[1].txt" Weitere Infos Mediaplex.com Tracking Cookie Tracking Cookie "Mediaplex.com" gefunden in: Cookie "intel@mediaplex[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@mediaplex[1].txt" Weitere Infos QuestionMarket.com Tracking Cookie Tracking Cookie "QuestionMarket.com" gefunden in: Cookie "intel@questionmarket[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@questionmarket[1].txt" Weitere Infos DealTime Tracking Cookie Tracking Cookie "DealTime" gefunden in: Cookie "intel@stat.dealtime[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@stat.dealtime[1].txt" Weitere Infos Statcounter Tracking Cookie Tracking Cookie "Statcounter" gefunden in: Cookie "intel@statcounter[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@statcounter[1].txt" Weitere Infos WebTrends Tracking Cookie Tracking Cookie "WebTrends" gefunden in: Cookie "intel@statse.webtrendslive[1].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@statse.webtrendslive[1].txt" Weitere Infos TradeDoubler.com Tracking Cookie Tracking Cookie "TradeDoubler.com" gefunden in: Cookie "intel@tradedoubler[2].txt" File "C:\Dokumente und Einstellungen\INTEL\Cookies\intel@tradedoubler[2].txt" Weitere Infos Trojan.Win32.StartPage.adh Homepage Hijacker |
|
|
||
18.12.2005, 20:10
Ehrenmitglied
Beiträge: 29434 |
#23
bam
gehe in die Registry Start-->Ausfuehren--> regedit loesche : (falls es noch da ist.......) 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ all-tgp.org free-spy-cam.net loadcash.biz usw..... --------------------------------------------------------------------------- abgesehen von den Cookies scheint alles in Ordnung zu sein Zitat Cookies im Browser sperren!lade den Firefox (falls du ihn noch nicht hast) und surfe nur noch mit ihm) http://virus-protect.org/firefox.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
18.12.2005, 23:18
Member
Themenstarter Beiträge: 18 |
#24
Sabine
Ich glaube nicht noch nicht ganz daran :-(! Habe die folgende Datei gescannt. Das smitfraud-C. kann Spaybot nicht löschen. Wie kann ich diese eliminieren ? Jottis Malwarescan 2.99-TRANSITION_TO_3.00 Datei, die hochgeladen und gescannt werden soll: Dienst Auslastung: 0% 100% Datei: mssearchnet.exe Status: INFIZIERT/MALWARE Entdeckte Packprogramme: PE_PATCH, UPACK AntiVir Trojan/Agent.AP.28.1 gefunden ArcaVir Trojan.Downloader.Zlob.Cm gefunden Avast Keine Viren gefunden AVG Antivirus Downloader.Generic.MKU gefunden BitDefender Keine Viren gefunden ClamAV Keine Viren gefunden Dr.Web Trojan.MulDrop.3122 gefunden F-Prot Antivirus Keine Viren gefunden Fortinet W32/Zlob.CM!dldr gefunden Kaspersky Anti-Virus Trojan-Downloader.Win32.Zlob.cm gefunden NOD32 Win32/TrojanDownloader.Zlob.AP gefunden Norman Virus Control W32/Zlob.EI gefunden UNA Keine Viren gefunden VBA32 Trojan-Downloader.Win32.Zlob.cm gefunden |
|
|
||
19.12.2005, 10:54
Ehrenmitglied
Beiträge: 29434 |
#25
bam
kopiere bitte noch mal die 4 Textdateien (1 Monat vom Datum her genuegt) http://virus-protect.org/datfindbat.html Zitat Verzeichnis von C:\WINDOWS\system32dann scanne mit dr.web, der erkennt/loescht die Malware http://virus-protect.org/cureit.html SpyAxe http://virus-protect.org/artikel/spyware/spyaxe.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.12.2005, 22:14
Member
Themenstarter Beiträge: 18 |
#26
Sabina
Anbei die 4 Textdateien (1 Monat zurück) nachher mit dr.web gescannt. Gelöscht wurde mscornet.exe, A000028.exe,mssearchnet.exe! Soll ich Anleitung - remove Spyaxe durchgehen? 17.12.2005 13:54 164 ncompat.tlb 17.12.2005 12:11 2'206 wpa.dbl 11.12.2005 23:49 2'154 tmmute.ini 10.12.2005 16:14 9'720 mssearchnet.exe 03.12.2005 15:07 2'050 DslWz.log 03.12.2005 12:29 40'972 perfc009.dat 03.12.2005 12:29 314'644 perfh009.dat 03.12.2005 12:29 320'424 perfh007.dat 03.12.2005 12:29 49'372 perfc007.dat 03.12.2005 12:29 725'674 PerfStringBackup.INI 02.12.2005 22:35 124'167 SYMEVNT.386 02.12.2005 22:35 83'208 S32EVNT1.DLL 02.12.2005 22:11 241'536 FNTCACHE.DAT 02.12.2005 12:18 253 spupdwxp.log 02.12.2005 11:42 25'065 wmpscheme.xml 02.12.2005 11:17 261 $winnt$.inf 02.12.2005 11:14 2'951 CONFIG.NT 02.12.2005 11:14 16'832 amcompat.tlb 02.12.2005 11:14 23'392 nscompat.tlb 02.12.2005 11:12 488 WindowsLogon.manifest 02.12.2005 11:12 488 logonui.exe.manifest 02.12.2005 11:12 749 nwc.cpl.manifest 02.12.2005 11:12 749 wuaucpl.cpl.manifest 02.12.2005 11:12 749 ncpa.cpl.manifest 02.12.2005 11:12 749 sapi.cpl.manifest 02.12.2005 11:12 749 cdplayer.exe.manifest 02.12.2005 11:10 21'740 emptyregdb.dat 02.12.2005 10:55 0 h323log.txt 15.11.2005 12:12 126'680 GCCollection.dll 15.11.2005 12:12 117'976 hashlib.dll 15.11.2005 12:12 95'448 gcUnCompress.dll 22.04.2005 11:58 328'128 gcTypLibA.tlb 04.08.2004 01:12 1'788 dcache.bin |
|
|
||
20.12.2005, 02:59
Ehrenmitglied
Beiträge: 29434 |
#27
zu loeschen waere noch:
KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html C:\WINDOWS\system32\ncompat.tlb C:\WINDOWS\system32\mssearchnet.exe danach: SmitRem2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 laden--> in den abgesicherten Modus booten --> öffne smitRem folder --> Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) suche smitfiles.txt und kopiere die Textdatei in den Thread __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.12.2005, 00:25
Member
Themenstarter Beiträge: 18 |
#28
Sabina
Habe zuerst die 6 Dateien von SmitRem2.8 auf eine Diskette kopiert ==>danach bin ich in den abgesicherten Modus==> die Dateien auf den Desktop kopiert==>Doppelklick: RunThis.bat usw.==> smitfiles.txt gesucht und die Textdatei ist wie folgt: smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! spyaxe uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 764 'explorer.exe' Starting registry repairs Deleting files Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ Online Security Guide.url ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
|
|
||
26.12.2005, 00:53
Ehrenmitglied
Beiträge: 29434 |
#29
bam
scanne mit panda und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.12.2005, 11:22
Member
Themenstarter Beiträge: 18 |
#30
Sabina
Habe nur das C:Laufwerk gescannt! 1-Click ActiveScan! Installation finished The next time, start ActiveScan with just one click! 1-Click ActiveScan! The next time, start ActiveScan with just one click! Install the ActiveScan shortcut in: Desktop Start menu Taskbar Internet browser toolbar 1-Click ActiveScan! | Your Opinion - FAQs - Help No viruses or other malicious software have been found!Scan finished 184138 Files scanned C:\WINDOWS\_default.pifScan reportActiveScan only disinfects viruses. To disinfect all Thread, buy or try a recommended security product. ActiveScan gives you a deep second opinion analysis of the security level of your PC. Detected Disinfected Virus 0 0 Spyware 0 0 Hacking Tools 0 0 Dialers 0 0 Security Risks 0 0 Suspicious files 0 |
|
|
||
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=SIEMENS
Time=Sun Dec 11 23:49:01 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
IE Plugins: Found '{2318C2B1-4965-11d4-9B18-009027A5CD4F}' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
Web Browser Security Settings: Found 'EnableNegotiate' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'Persistent' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-tgp.org'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\all-tgp.org'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-spy-cam.net'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toolbarbiz.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toolbarbiz.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\traff-store.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\traff-store.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windfind4u.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windfind4u.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zviframe.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zviframe.biz'
Web Browser Security Settings: Found 'Google-Suche' in 'Software\Microsoft\Internet Explorer\MenuExt\&Google-Suche'
Web Browser Security Settings: Found 'Ins Deutsche übersetzen' in 'Software\Microsoft\Internet Explorer\MenuExt\&Ins Deutsche übersetzen'
Web Browser Security Settings: Found 'Im Cache gespeicherte Seite' in 'Software\Microsoft\Internet Explorer\MenuExt\Im Cache gespeicherte Seite'
Web Browser Security Settings: Found 'Nach Microsoft Excel exportieren' in 'Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren'
Web Browser Security Settings: Found 'Verweisseiten' in 'Software\Microsoft\Internet Explorer\MenuExt\Verweisseiten'
Web Browser Security Settings: Found 'Ähnliche Seiten' in 'Software\Microsoft\Internet Explorer\MenuExt\Ähnliche Seiten'
Windows Policy Settings: Found 'restrictanonymous' in 'SYSTEM\CurrentControlSet\Control\Lsa'
Windows Policy Settings: Found 'forceunlocklogon' in 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Windows Policy Settings: Found 'wuauserv' in ''
Windows Shell Settings: Found '{9EF34FF2-3396-4527-9D27-04C8C1C67806}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
Windows Shell Settings: Found 'LDVPMenu' in 'SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\LDVPMenu'
Windows Shell Settings: Found 'LDVPMenu' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu'
Windows Shell Settings: Found '{BDA77241-42F6-11d0-85E2-00AA001FE28C}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'My Music' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CD Burning' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'NetHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'PrintHood' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'My Pictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local Settings' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Local AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Cache' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'History' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonPictures' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonMusic' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'CommonVideo' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Administrative Tools' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Windows Shell Settings: Found 'Common Start Menu' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Programs' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Startup' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common AppData' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Templates' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Favorites' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Windows Shell Settings: Found 'Common Documents' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
Program Startup Areas: Found 'RemoteControl' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'wininet.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'kernel32.dll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
Program Startup Areas: Found 'SpybotSD TeaTimer' in 'S-1-5-21-1409082233-1767777339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Scanning is stopping...
Scanning is stopping...