2x iexplore im Taskmanager und stänige Pop Ups

Thema ist geschlossen!
Thema ist geschlossen!
#0
28.07.2006, 11:27
...neu hier

Beiträge: 9
#1 HI,im Taskmanager sind immer iexplorer.exe dateien obwohl ich kein iexplore geöffnet habe!!

Und beim surfen kommen aller paar minuten ständig pop ups!!

Vlei könnt ihr mir bei diesen Problem helfen

Logfile of HijackThis v1.99.1
Scan saved at 11:25:47, on 28.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\CachemanXP\CachemanXP.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\DOKUME~1\LEISTE\EIGENE~1\SSS\SIMPLESCREENSHOT.EXE
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\LClock\lclock.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Glückshelfer\ghelfer.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\TVgenial\TVgenial.exe
c:\progra~1\intern~1\iexplore.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Object Dock\ObjectDock.exe
D:\MO XP\Office10\OUTLOOK.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programme\ArcorOnline\Arcor.exe
D:\Trillian\trillian.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.freenet.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SimpleScreenshot] C:\DOKUME~1\LEISTE\EIGENE~1\RICO\SSS\SIMPLESCREENSHOT.EXE
O4 - HKLM\..\Run: [Body Chic Clock This] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2 Start Body Chic\cdrom cake.exe
O4 - HKCU\..\Run: [LClock] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\LClock\lclock.exe
O4 - HKCU\..\Run: [Glueckshelfer] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Glückshelfer\ghelfer.exe
O4 - HKCU\..\Run: [TVgenial] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\TVgenial\TVgenial.exe -d
O4 - HKCU\..\Run: [regsmeet] C:\DOKUME~1\Leiste\ANWEND~1\BONEBA~1\Creativestore.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Object Dock\ObjectDock.exe
O8 - Extra context menu item: Download Images by Super Picture Finder Grabber - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\4.0 Incl Vietato\Super Picture Finder Grabber 4.1.3 +keyg*hier nicht*\Super Picture Finder Grabber\pf_link.htm
O8 - Extra context menu item: Download with NetPumper - C:\Programme\Anti-Leech\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MOXP~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Yahoo\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6551848B-8185-4436-8C20-BDEA6E2E5BA7} (AXReader Class) - http://wbs.ioa.de/ibt/login/wbs/main/de/wbt/skillsoftsap/sap05/plugin/lesax.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{585685F2-5E0C-427B-81CB-CFDE3A777AE1}: NameServer = 195.50.140.252 195.50.140.114
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\CachemanXP\CachemanXP.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Seitenanfang Seitenende
28.07.2006, 12:53
Member

Beiträge: 13
#2 Hi, scann deine Festplatte (im Abgesicherten modus und deaktivierter systemwiederherstellung) mit spybot-search&destroy http://download.freenet.de/archiv_s/spybot_search_und_destroy_4656.html
oder mit dem ewido anti-malware http://www.zdnet.de/downloads/prg/w/j/deMIWJ-wc.html oder überhaupt mit einem antivirus z.B. antiVir PE....
Es sieht nämlich nach einem Trojaner aus
Seitenanfang Seitenende
29.07.2006, 15:39
...neu hier

Themenstarter

Beiträge: 9
#3 Hat nix gebracht das scannen,immer noch die Probleme!!

Neuer Logfile nochmal!!

Logfile of HijackThis v1.99.1
Scan saved at 22:57:42, on 29.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\CachemanXP\CachemanXP.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\DOKUME~1\LEISTE\EIGENE~1\RICO\SSS\SIMPLESCREENSHOT.EXE
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\LClock\lclock.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\ewido anti-spyware 4.0\guard.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wscntfy.exe
D:\FIFA06~1\n00b.exe
D:\FIFA06~1\fifa06.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Mirc\Weisseradler-Script.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\eMule\44d\emule.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freenet.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.freenet.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.freenet.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SimpleScreenshot] C:\DOKUME~1\LEISTE\EIGENE~1\RICO\SSS\SIMPLESCREENSHOT.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LClock] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\LClock\lclock.exe
O4 - HKCU\..\Run: [Glueckshelfer] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Glückshelfer\ghelfer.exe
O4 - HKCU\..\Run: [TVgenial] C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\TVgenial\TVgenial.exe -d
O4 - HKCU\..\Run: [regsmeet] C:\DOKUME~1\Leiste\ANWEND~1\BONEBA~1\Creativestore.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Stardock ObjectDock.lnk = C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Object Dock\ObjectDock.exe
O8 - Extra context menu item: Download Images by Super Picture Finder Grabber - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\4.0 Incl Vietato\Super Picture Finder Grabber 4.1.3 +Keygen\Super Picture Finder Grabber\pf_link.htm
O8 - Extra context menu item: Download with NetPumper - C:\Programme\Anti-Leech\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MOXP~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Yahoo\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6551848B-8185-4436-8C20-BDEA6E2E5BA7} (AXReader Class) - http://wbs.ioa.de/ibt/login/wbs/main/de/wbt/skillsoftsap/sap05/plugin/lesax.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{585685F2-5E0C-427B-81CB-CFDE3A777AE1}: NameServer = 195.50.140.252 195.50.140.114
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\CachemanXP\CachemanXP.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\ewido anti-spyware 4.0\guard.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
Dieser Beitrag wurde am 29.07.2006 um 22:58 Uhr von Quarry editiert.
Seitenanfang Seitenende
29.07.2006, 23:02
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 das ist der swizzor-Trojaner

look.zip laden - entpacken - look.bat - doppeltklicken - kopiere den Text ab, der erscheint
http://virus-protect.org/zip/look.zip
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
29.07.2006, 23:07
...neu hier

Themenstarter

Beiträge: 9
#5 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E487-71EE

Verzeichnis von C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten

06.06.2006 21:32 <DIR> Adobe
02.11.2005 21:35 <DIR> AdobeAUM
30.04.2005 00:47 1.402 AdobeDLM.log
15.06.2006 11:19 <DIR> AdobeUM
26.03.2004 16:41 <DIR> Ahead
26.03.2004 18:01 <DIR> ArcSoft
28.07.2005 19:49 <DIR> Azureus
20.07.2004 17:50 <DIR> BAYWAT~1 BayWatcher Pro
15.07.2006 00:27 <DIR> BONEBA~1 bone bat real
24.10.2005 22:15 <DIR> Camfrog
28.07.2005 19:51 <DIR> DESKTO~1 Desktop Sidebar
04.12.2005 21:46 <DIR> DMCache
19.07.2004 19:35 <DIR> DTgrafic
27.07.2005 20:33 <DIR> dvdcss
22.08.2004 20:16 <DIR> EPSON
02.04.2004 15:32 <DIR> FRITZ!
04.03.2006 19:03 68.936 GDIPFO~1.DAT GDIPFONTCACHEV1.DAT
21.10.2005 19:26 <DIR> Google
14.05.2004 15:38 <DIR> Help
10.03.2005 17:16 <DIR> hhS
26.09.2005 18:31 <DIR> ICQLite
26.04.2006 22:07 <DIR> IDENTI~1 Identities
26.03.2004 17:37 <DIR> INTERT~1 InterTrust
26.03.2004 16:48 <DIR> INTERV~1 InterVideo
12.03.2006 22:50 <DIR> kiosk__
18.07.2006 18:54 <DIR> KLEBEZ~1 KlebezettelNG
29.07.2006 20:59 <DIR> KLIPFO~1 KlipFolio
01.07.2006 10:02 <DIR> Lavasoft
06.06.2006 21:32 <DIR> LEADER~1 Leadertech
26.08.2004 13:41 <DIR> MACROM~1 Macromedia
19.10.2005 20:32 <DIR> MICROG~1 Microgaming
12.03.2006 22:50 <DIR> Mozilla
19.08.2005 18:27 <DIR> MSN6
10.09.2005 10:10 <DIR> NASA
27.07.2006 00:37 <DIR> NETPUM~1 NetPumper
29.04.2006 15:17 <DIR> PCTOOL~1 PC Tools
14.04.2006 21:01 <DIR> PLAYFI~1 PlayFirst
20.11.2004 23:45 <DIR> RAPTIS~1 Raptisoft
05.08.2004 15:33 <DIR> Real
14.06.2006 22:22 <DIR> Skype
02.11.2005 21:22 <DIR> SMARTD~1 SmartDraw
19.10.2004 19:37 <DIR> SMMesser
04.03.2005 22:49 <DIR> STEINB~1 Steinberg
30.06.2004 21:46 <DIR> Sun
15.07.2004 00:27 62 sversion.ini
27.02.2004 10:58 <DIR> Symantec
18.07.2006 20:32 <DIR> TEAMSP~1 teamspeak2
13.11.2004 11:47 <DIR> TUNEUP~1 TuneUp Software
15.07.2006 00:27 <DIR> USERTE~1 USER TEST ANTE
21.11.2005 23:48 <DIR> uTorrent
18.07.2005 19:38 <DIR> vlc
28.07.2006 00:43 <DIR> Webroot
01.03.2006 23:13 <DIR> Wildfire
27.07.2006 15:46 56.854 wklnhst.dat
26.04.2006 22:07 <DIR> Zylom
4 Datei(en) 127.254 Bytes
51 Verzeichnis(se), 23.109.607.424 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E487-71EE

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

15.07.2006 00:27 <DIR> 2START~1 2 Start Body Chic
20.02.2006 15:45 305 ADDR_F~1.HTM addr_file.html
14.06.2006 16:18 <DIR> Adobe
29.07.2006 20:14 <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
10.10.2004 18:54 <DIR> BLACKP~1 BlackPencil
25.09.2005 21:19 <DIR> BOONTY
26.03.2004 16:51 <DIR> CYBERL~1 CyberLink
26.03.2004 15:35 <DIR> ISDNWA~1 ISDNWatch
18.03.2006 14:36 <DIR> KASPER~1 Kaspersky Anti-Virus Personal
02.04.2004 13:54 <DIR> MSN6
19.05.2004 14:58 <DIR> PopCap
03.10.2004 12:39 <DIR> QUICKT~1 QuickTime
15.07.2006 11:03 <DIR> SECTAS~1 SecTaskMan
03.10.2005 14:17 <DIR> Skype
27.02.2004 10:58 <DIR> Symantec
05.12.2004 13:32 <DIR> Trymedia
28.11.2004 02:13 <DIR> TUNEUP~1 TuneUp Software
01.04.2006 21:41 <DIR> WINDOW~1 Windows Genuine Advantage
17.09.2005 11:39 <DIR> Zylom
1 Datei(en) 305 Bytes
18 Verzeichnis(se), 23.109.603.328 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E487-71EE

Verzeichnis von C:\WINDOWS\tasks

29.08.2002 14:00 65 desktop.ini
29.07.2006 17:11 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 23.109.603.328 Bytes frei
Seitenanfang Seitenende
30.07.2006, 12:13
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 Quarry

Information LOP/swizzor-Trojaner -Netpumper
http://virus-protect.org/artikel/spyware/lop1.html

-----------------------------------------------------------------------------
**
Versteckte- und Systemdateien sichtbar machen
http://virus-protect.org/invisible.html

**
PC neustarten (in den abgesicherten Modus) --> F8 drücken, wenn der PC hochfährt
das ist notwendig, denn im Normalmodus kann man die Dateien nicht löschen

**
desinstallieren: Netpumper
"Start -> Einstellungen -> Systemsteuerung -> Software"

**
loeschen:

C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten\USER TEST ANTE
C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten\bone bat real
C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten\NetPumper
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2 Start Body Chic

**
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

O4 - HKLM\..\Run: [Body Chic Clock This] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2 Start Body Chic\cdrom cake.exe
O4 - HKCU\..\Run: [regsmeet] C:\DOKUME~1\Leiste\ANWEND~1\BONEBA~1\Creativestore.exe

O8 - Extra context menu item: Download with NetPumper - C:\Programme\Anti-Leech\NetPumper\AddUrl.htm
Boote wieder in den normalmodus

**
Arbeitsplatz --> Rechtsklick, dann auf Eigenschaften ---> Reiter Systemwiederherstellung ---> Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. (dann wieder aktivieren)

**
CleanUp
http://virus-protect.org/cleanup.html

**
Counterspy --> löscht die Eintraege in der Registry von MessengerPlus! 3 und Netpumper
http://virus-protect.org/counterspy.html
* nach dem Scan muss man sich entscheiden für:
*Remove

**
neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

**
scanne mit Panda und lösche alles manuell, was noch angezeigt wird
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.07.2006, 15:48
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#7 Counterspy ist 14 Tage free (vom Zeitpunkt an, wenn du es laedst), man kann also alles auf "remove" stellen und loeschen lassen.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.07.2006, 16:01
...neu hier

Themenstarter

Beiträge: 9
#8 Ich hatte es wohl schon mal gehabt und damals wieder gelöscht,da ist meine 14 Tage Free schon abgelaufen!!
Seitenanfang Seitenende
30.07.2006, 16:39
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#9 dann kopiere hier den report, ich stelle dann eine manuelle reinigung zusammen
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.07.2006, 18:51
...neu hier

Themenstarter

Beiträge: 9
#10 Spyware Scan Details
Start Date: 30.07.2006 17:24:38
End Date: 30.07.2006 18:47:25
Total Time: 1 hrs 22 mins 47 secs

Detected spyware

Begin2Search Browser Plug-in more information...
Details: Installs a number of thrid part spyware products and displays popup ads in addition to hijacking Internet Explorer.
Status: Ignored

Infected files detected
c:\windows\system32\rtneg.dll
C:\WINDOWS\system32\winbbb.dat

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\ProgID trfdsk.amo.1
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\VersionIndependentProgID trfdsk.amo
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} amo Class
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\ProgID trfdsk.ohb.1
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\VersionIndependentProgID trfdsk.ohb
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B} ohb Class
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\ProgID trfdsk.momo.1
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\VersionIndependentProgID trfdsk.momo
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1} momo Class
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ProgID trfdsk.iiittt.1
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ToolboxBitmap32 C:\WINDOWS\system32\rtneg.dll, 102
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\VersionIndependentProgID trfdsk.iiittt
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825} iiittt Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999A06FF-10EF-4A29-8640-69E99882C26B} ohb
HKEY_CLASSES_ROOT\trfdsk.amo
HKEY_CLASSES_ROOT\trfdsk.amo\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\trfdsk.amo\CurVer trfdsk.amo.1
HKEY_CLASSES_ROOT\trfdsk.amo amo Class
HKEY_CLASSES_ROOT\trfdsk.ohb
HKEY_CLASSES_ROOT\trfdsk.ohb\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\trfdsk.ohb\CurVer trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.ohb ohb Class
HKEY_CLASSES_ROOT\trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.momo.1\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\trfdsk.momo.1 momo Class
HKEY_CLASSES_ROOT\trfdsk.momo
HKEY_CLASSES_ROOT\trfdsk.momo\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\trfdsk.momo\CurVer trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.momo momo Class
HKEY_CLASSES_ROOT\trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.ohb.1\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\trfdsk.ohb.1 ohb Class
HKEY_CLASSES_ROOT\trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.iiittt.1\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\trfdsk.iiittt.1 iiittt Class
HKEY_CLASSES_ROOT\trfdsk.iiittt
HKEY_CLASSES_ROOT\trfdsk.iiittt\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\trfdsk.iiittt\CurVer trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.iiittt iiittt Class
HKEY_CLASSES_ROOT\trfdsk.amo.1
HKEY_CLASSES_ROOT\trfdsk.amo.1\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\trfdsk.amo.1 amo Class


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected files detected
c:\programme\anti-leech\alie\al2np.dll
c:\programme\anti-leech\alie\alhlp.exe
c:\programme\anti-leech\alie\alie.dll
c:\programme\anti-leech\alie\alie.inf
c:\programme\anti-leech\alie\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.1\al2np.dll
c:\programme\anti-leech\alie_1.0.2.1\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.1\alie.dll
c:\programme\anti-leech\alie_1.0.2.1\alie.inf
c:\programme\anti-leech\alie_1.0.2.1\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.3\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.3\alie.dll
c:\programme\anti-leech\alie_1.0.2.3\alie.inf
c:\programme\anti-leech\alie_1.0.2.3\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.3\alie.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\Suffixes
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Description Anti-Leech Package
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5\MimeTypes\application/x-al-package Suffixes alp
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Path C:\Programme\Anti-Leech\ALNN\npalnn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Description Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Version 1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 Vendor Anti-Leech
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 ProductName Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


Unclassified.Trojan.D Trojan more information...
Status: Ignored

Infected files detected
c:\windows\system32\svc.dll


BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

Infected files detected
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\BSidle.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\sounds\notify.wav
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Ignored

Infected files detected
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\RunMSC.dll
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.ini

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader


Screen Screw Joke Program more information...
Details: Harmless entertainment software.
Status: Ignored

Infected files detected
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Lustig\screenscrew.exe


iSearch.Toolbar Toolbar more information...
Details: ISearch toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings.
Status: Ignored

Infected files detected
C:\WINDOWS\system32\popupblocker31.ico


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


eDonkey2000 P2P more information...
Details: eDonkey2000 is a P2P file sharing program that bundles adware/spyware such as Webhancer, Web Search Toolbar and New.Net.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid pinkporn
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {79CE9B89-1EAB-4519-BED6-FE963AE5304C}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo KtOzAUWmxZZz71CcXyV8NuSFtZXv4oBHvPdu11OH89Br7heI6fT-hb8j75g0zSYQKdSMWz8B0CIXZ2P+-hyW5nnHb4IZ5VUPacHmM5icVSokaVc-24UhTDz0ZOqRA8R6T52VT-aFlADGzsmr6aRCshx+TNPrvgswebZHCIlnuWUUB0q5+CTHypDO5RmY-pqvPj3lKAxi29Nv
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field1 323491058
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field2 759257472
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field3 1286356659
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field4 1535007874
HKEY_CURRENT_USER\Software\NetPumper\Leiste PreferenceFile C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten\NetPumper\Leiste.ini
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage


WildTangent Low Risk Adware more information...
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000} IWTDrop
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000} IWTVector3D
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} IWTActor
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} IWTVisualizer
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f} IWTOnLoadEvent
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} IWTCollisionInfo
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227} IWTPortal
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib {B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} IWTHoster
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64} IWTCamera
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} IWTSurfaceShader
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} IWTMultiplayer
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000} IWTBitmap
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa} IWTFile
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} IWTAudioClip3D
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} IWTMPMessage
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} IWTMPSession
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} IWTJoystick
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} IWTKeyboardPollInfo
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} IWT
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} _IWTEvents
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} IWTString3D
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf} IWTShadow
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000} IWTOrientation3D
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} IWTSysInfo
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} IWTMousePollInfo
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} IWTFont
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000} IWTLight
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} IWTObject
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} IWTModel
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} IWTContainer
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} IWTStage
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} IWTGroup
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} IWTEvent
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} IWTAudioClip
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} IWTSpout
HKEY_CLASSES_ROOT\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}
HKEY_CLASSES_ROOT\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll
HKEY_CLASSES_ROOT\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_CLASSES_ROOT\typelib\{b162d478-ef46-4475-b1fe-216bdedb7fad}\1.0 WildTangent Multiplayer 2.0 Type Library
HKEY_CLASSES_ROOT\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}
HKEY_CLASSES_ROOT\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll
HKEY_CLASSES_ROOT\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_CLASSES_ROOT\typelib\{b7e20302-c22c-4af2-9d75-c3eb6eee9dd8}\1.0 WDMHHost 1.0 Type Library
HKEY_CLASSES_ROOT\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll
HKEY_CLASSES_ROOT\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_CLASSES_ROOT\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0 WebDriver 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000} IWTDrop
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000} IWTVector3D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B} IWTActor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44} IWTVisualizer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F} IWTOnLoadEvent
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08} IWTCollisionInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227} IWTPortal
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64} IWTCamera
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235} IWTSurfaceShader
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469} IWTMultiplayer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000} IWTBitmap
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA} IWTFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D} IWTAudioClip3D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626} IWTMPMessage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5} IWTMPSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7} IWTJoystick
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14} IWTKeyboardPollInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3} IWT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3} IWTGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3} IWTAudioClip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A} IWTSpout
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}\1.0 WildTangent Multiplayer 2.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}\1.0 WDMHHost 1.0 Type Library
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\0\win32 C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\HELPDIR C:\WINDOWS\wt\webdriver\4.1.1\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0 WebDriver 1.0 Type Library


iSearch.DesktopSearch Spyware more information...
Details: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1


MyWebSearch Toolbar Potentially Unwanted Software more information...
Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


Adw.BestOffersNetworks.RecordNRip Adware more information...
Details: Adw.BestOffersNetworks.RecordNRip is a crippled version of software which purports to allow a user to record music from their PC. This application alone does not present a Thread, but is installed with several adware Thread.
Status: Ignored

Infected files detected
c:\windows\system32\nctaudiocdgrabber2.dll

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\InprocServer32 C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\ProgID NCTAudioCDGrabber2.AudioCDGrabber2.1
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\TypeLib {81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\VersionIndependentProgID NCTAudioCDGrabber2.AudioCDGrabber2
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} AudioCDGrabber2 Class
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} AppID {AD71F65D-CD13-4837-A2DC-E4D90020E7D4}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\InprocServer32 C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\ProgID NCTAudioCDGrabber2.FreeDBInformation2.1
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\TypeLib {81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\VersionIndependentProgID NCTAudioCDGrabber2.FreeDBInformation2
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} FreeDBInformation2 Class
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} AppID {AD71F65D-CD13-4837-A2DC-E4D90020E7D4}


Cok.ad.yieldmanager Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@ad.yieldmanager[2].txt


IndexTools.com Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@indextools[1].txt


Cok.AssasinTrojan2.0 Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@statcounter[2].txt


Radar Spy 1.0 Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@tradedoubler[2].txt
Seitenanfang Seitenende
30.07.2006, 19:19
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#11 avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

registry keys to delete:
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\trfdsk.amo
HKEY_CLASSES_ROOT\trfdsk.ohb
HKEY_CLASSES_ROOT\trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.amo.1
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_CURRENT_USER\Software\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg

Files to delete:
C:\WINDOWS\isrvs\desktop.exe
c:\programme\anti-leech\alie\al2np.dll
c:\programme\anti-leech\alie\alhlp.exe
c:\programme\anti-leech\alie\alie.dll
c:\programme\anti-leech\alie\alie.inf
c:\programme\anti-leech\alie\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.1\al2np.dll
c:\programme\anti-leech\alie_1.0.2.1\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.1\alie.dll
c:\programme\anti-leech\alie_1.0.2.1\alie.inf
c:\programme\anti-leech\alie_1.0.2.1\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.2\al2np.dll
c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.2\alie.dll
c:\programme\anti-leech\alie_1.0.2.2\alie.inf
c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe
c:\programme\anti-leech\alie_1.0.2.3\alhlp.exe
c:\programme\anti-leech\alie_1.0.2.3\alie.dll
c:\programme\anti-leech\alie_1.0.2.3\alie.inf
c:\programme\anti-leech\alie_1.0.2.3\iesetup2.exe
c:\programme\anti-leech\alnn\al2np.dll
c:\programme\anti-leech\alnn\alhlp.exe
c:\programme\anti-leech\alnn\npalnn.dll
c:\programme\anti-leech\alnn\setup2.exe
C:\WINDOWS\system32\svc.dll
C:\WINDOWS\system32\rtneg.dll
C:\WINDOWS\system32\winbbb.dat
C:\WINDOWS\system32\nctaudiocdgrabber2.dll
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Lustig\screenscrew.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\RunMSC.dll
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.exe
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.ini
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\BSidle.dll


Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

1.
poste das log vom avenger, was erscheint

2.
desinstalliere :Bearshare

3.
loesche:
C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare
c:\programme\anti-leech

4.
scanne noch mal mit Counterspy und poste den report
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
31.07.2006, 10:02
...neu hier

Themenstarter

Beiträge: 9
#12 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.amo


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.ohb


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.momo.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.ohb.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.iiittt.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\trfdsk.amo.1


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\NetPumper


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\gnufile


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rruikofo

*******************

Script file located at: \??\C:\WINDOWS\system32\cwaokvke.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\isrvs\desktop.exe for deletion
Deletion of file C:\WINDOWS\isrvs\desktop.exe failed!

Could not process line:
C:\WINDOWS\isrvs\desktop.exe
Status: 0xc000003a

File c:\programme\anti-leech\alie\al2np.dll deleted successfully.
File c:\programme\anti-leech\alie\alhlp.exe deleted successfully.
File c:\programme\anti-leech\alie\alie.dll deleted successfully.
File c:\programme\anti-leech\alie\alie.inf deleted successfully.
File c:\programme\anti-leech\alie\iesetup2.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.1\al2np.dll deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.1\alhlp.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.1\alie.dll deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.1\alie.inf deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.1\iesetup2.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.2\al2np.dll deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.2\alhlp.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.2\alie.dll deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.2\alie.inf deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.2\iesetup2.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.3\alhlp.exe deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.3\alie.dll deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.3\alie.inf deleted successfully.
File c:\programme\anti-leech\alie_1.0.2.3\iesetup2.exe deleted successfully.
File c:\programme\anti-leech\alnn\al2np.dll deleted successfully.
File c:\programme\anti-leech\alnn\alhlp.exe deleted successfully.
File c:\programme\anti-leech\alnn\npalnn.dll deleted successfully.
File c:\programme\anti-leech\alnn\setup2.exe deleted successfully.
File C:\WINDOWS\system32\svc.dll deleted successfully.
File C:\WINDOWS\system32\rtneg.dll deleted successfully.


File C:\WINDOWS\system32\winbbb.dat not found!
Deletion of file C:\WINDOWS\system32\winbbb.dat failed!

Could not process line:
C:\WINDOWS\system32\winbbb.dat
Status: 0xc0000034

File C:\WINDOWS\system32\nctaudiocdgrabber2.dll deleted successfully.
File C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Lustig\screenscrew.exe deleted successfully.
File C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\RunMSC.dll deleted successfully.
File C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.exe deleted successfully.
File C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\Webstats.ini deleted successfully.
File C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Rico\Bearshare\BSidle.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{999A06FF-10EF-4A29-8640-69E99882C26B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE.1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.5 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\bearshare deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9E33220-0B05-11D7-88D2-444553540000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\classes\gnufile deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





------------------------------------------------------------------------------------------------------------------------------------------------------

Spyware Scan Details
Start Date: 31.07.2006 10:02:50
End Date: 31.07.2006 12:01:21
Total Time: 1 hrs 58 mins 31 secs

Detected spyware

iSearch.Toolbar Toolbar more information...
Details: ISearch toolbar is a spyware/adware toolbar that is purported to deliver advanced toolbar functions to Internet Explorer, however, it changes your browser settings.
Status: Ignored

Infected files detected
C:\WINDOWS\system32\popupblocker31.ico


BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\RunMSC.dll
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Dokumente und Einstellungen\Leiste\Eigene Dateien\Bearshare\
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library


AntiLeech Plugin Adware more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Ignored

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Netscape, Mozilla, Opera
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


My Way Speedbar Browser Plug-in more information...
Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader


eDonkey2000 P2P more information...
Details: eDonkey2000 is a P2P file sharing program that bundles adware/spyware such as Webhancer, Web Search Toolbar and New.Net.
Status: Ignored

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


WildTangent Low Risk Adware more information...
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000} IWTDrop
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{0e7ae465-ee8d-11d2-a566-444553540000} IWTVector3D
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} IWTActor
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} IWTVisualizer
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f} IWTOnLoadEvent
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} IWTCollisionInfo
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227} IWTPortal
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib {B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0} IWTHoster
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64} IWTCamera
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} IWTSurfaceShader
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{5dd15c3e-fc35-4e6f-b34c-e030d6439469} IWTMultiplayer
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{6e6cf8e5-d795-11d2-a566-444553540000} IWTBitmap
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{79884200-3ade-11d3-ac39-00105a2057fa} IWTFile
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} IWTAudioClip3D
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{8db2bc32-56e9-4349-b125-cb2561a06626} IWTMPMessage
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{a73f5102-3782-4945-bf97-889f9b6dc9a5} IWTMPSession
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} IWTJoystick
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} IWTKeyboardPollInfo
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} IWT
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} _IWTEvents
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} IWTString3D
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c3a156d4-503f-4779-a673-657308d94faf} IWTShadow
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{d72ac8e7-f41d-11d2-a566-444553540000} IWTOrientation3D
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} IWTSysInfo
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} IWTMousePollInfo
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} IWTFont
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000} IWTLight
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} IWTObject
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} IWTModel
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} IWTContainer
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} IWTStage
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} IWTGroup
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} IWTEvent
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} IWTAudioClip
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} IWTSpout
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{05EF74A5-E109-11D2-A566-444553540000} IWTDrop
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E7AE465-EE8D-11D2-A566-444553540000} IWTVector3D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1113C0B6-5300-4D5D-B2D7-35C14B28341B} IWTActor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44} IWTVisualizer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F} IWTOnLoadEvent
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08} IWTCollisionInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227} IWTPortal
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64} IWTCamera
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5C49CBD2-8ED7-439B-8668-32149F84A235} IWTSurfaceShader
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DD15C3E-FC35-4E6F-B34C-E030D6439469} IWTMultiplayer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000} IWTBitmap
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA} IWTFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D} IWTAudioClip3D
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626} IWTMPMessage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\TypeLib {B162D478-EF46-4475-B1FE-216BDEDB7FAD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5} IWTMPSession
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7} IWTJoystick
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14} IWTKeyboardPollInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3} IWT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3} IWTGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3} IWTAudioClip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A} IWTSpout


Begin2Search Browser Plug-in more information...
Details: Installs a number of thrid part spyware products and displays popup ads in addition to hijacking Internet Explorer.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\ProgID trfdsk.amo.1
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\VersionIndependentProgID trfdsk.amo
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} amo Class
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\ProgID trfdsk.ohb.1
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}\VersionIndependentProgID trfdsk.ohb
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B} ohb Class
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\ProgID trfdsk.momo.1
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}\VersionIndependentProgID trfdsk.momo
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1} momo Class
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 C:\WINDOWS\system32\rtneg.dll
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ProgID trfdsk.iiittt.1
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\ToolboxBitmap32 C:\WINDOWS\system32\rtneg.dll, 102
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\TypeLib {DA15C9A2-C30A-4761-922A-5DFE7C9A1F67}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\Version 1.0
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\VersionIndependentProgID trfdsk.iiittt
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825} iiittt Class
HKEY_CLASSES_ROOT\trfdsk.amo
HKEY_CLASSES_ROOT\trfdsk.amo\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\trfdsk.amo\CurVer trfdsk.amo.1
HKEY_CLASSES_ROOT\trfdsk.amo amo Class
HKEY_CLASSES_ROOT\trfdsk.ohb
HKEY_CLASSES_ROOT\trfdsk.ohb\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\trfdsk.ohb\CurVer trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.ohb ohb Class
HKEY_CLASSES_ROOT\trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.momo.1\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\trfdsk.momo.1 momo Class
HKEY_CLASSES_ROOT\trfdsk.momo
HKEY_CLASSES_ROOT\trfdsk.momo\CLSID {52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\trfdsk.momo\CurVer trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.momo momo Class
HKEY_CLASSES_ROOT\trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.ohb.1\CLSID {999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\trfdsk.ohb.1 ohb Class
HKEY_CLASSES_ROOT\trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.iiittt.1\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\trfdsk.iiittt.1 iiittt Class
HKEY_CLASSES_ROOT\trfdsk.iiittt
HKEY_CLASSES_ROOT\trfdsk.iiittt\CLSID {0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\trfdsk.iiittt\CurVer trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.iiittt iiittt Class
HKEY_CLASSES_ROOT\trfdsk.amo.1
HKEY_CLASSES_ROOT\trfdsk.amo.1\CLSID {356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\trfdsk.amo.1 amo Class


MyWebSearch Toolbar Potentially Unwanted Software more information...
Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components such as cydoor, Save!, ClockSync, and WhenU Toolbar.
Status: Ignored

Infected registry entries detected
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field1 323491058
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field2 759257472
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field3 1286356659
HKEY_CURRENT_USER\Software\NetPumper\Leiste Field4 1535007874
HKEY_CURRENT_USER\Software\NetPumper\Leiste PreferenceFile C:\Dokumente und Einstellungen\Leiste\Anwendungsdaten\NetPumper\Leiste.ini


Adw.BestOffersNetworks.RecordNRip Adware more information...
Details: Adw.BestOffersNetworks.RecordNRip is a crippled version of software which purports to allow a user to record music from their PC. This application alone does not present a threat, but is installed with several adware threats.
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\InprocServer32 C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\ProgID NCTAudioCDGrabber2.AudioCDGrabber2.1
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\TypeLib {81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}\VersionIndependentProgID NCTAudioCDGrabber2.AudioCDGrabber2
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} AudioCDGrabber2 Class
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4} AppID {AD71F65D-CD13-4837-A2DC-E4D90020E7D4}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\InprocServer32 C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\ProgID NCTAudioCDGrabber2.FreeDBInformation2.1
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\TypeLib {81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}\VersionIndependentProgID NCTAudioCDGrabber2.FreeDBInformation2
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} FreeDBInformation2 Class
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} AppID {AD71F65D-CD13-4837-A2DC-E4D90020E7D4}


Cok.ad.yieldmanager Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@ad.yieldmanager[1].txt


CGI-Bin Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@cgi-bin[1].txt


IndexTools.com Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@indextools[1].txt


Cok.AssasinTrojan2.0 Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@statcounter[2].txt


Radar Spy 1.0 Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@tradedoubler[2].txt


Counter.com Cookie more information...
Status: Ignored

Infected cookies detected
c:\dokumente und einstellungen\leiste\cookies\leiste@counter[1].txt
Dieser Beitrag wurde am 31.07.2006 um 12:07 Uhr von Quarry editiert.
Seitenanfang Seitenende
31.07.2006, 12:01
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#13 scanne noh mal mit Counterspy und poste den report
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
31.07.2006, 12:09
...neu hier

Themenstarter

Beiträge: 9
#14 hab ich eben im vorigen beitrag mt rein editiert!!
Seitenanfang Seitenende
31.07.2006, 12:21
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#15 Avenger

Zitat

registry keys to delete:

HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CLASSES_ROOT\CLSID\{5EB0259D-AB79-4ae6-A6E6-24FFE21C3DA4}
HKEY_CLASSES_ROOT\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
HKEY_CLASSES_ROOT\clsid\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}
HKEY_CLASSES_ROOT\clsid\{999A06FF-10EF-4A29-8640-69E99882C26B}
HKEY_CLASSES_ROOT\clsid\{52ADD86D-9561-4C40-B561-4204DBC139D1}
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_CLASSES_ROOT\trfdsk.amo
HKEY_CLASSES_ROOT\trfdsk.ohb
HKEY_CLASSES_ROOT\trfdsk.momo.1
HKEY_CLASSES_ROOT\trfdsk.ohb.1
HKEY_CLASSES_ROOT\trfdsk.iiittt.1
HKEY_CLASSES_ROOT\trfdsk.iiittt
HKEY_CLASSES_ROOT\clsid\{0962DA67-DB64-465C-8CD7-CBB357CAF825}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FECA7CFA-1083-4073-A98A-CF3389FCAF6A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B57613B6-EF02-4D96-99C6-70C9A2014A14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A73F5102-3782-4945-BF97-889F9B6DC9A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DB2BC32-56E9-4349-B125-CB2561A06626}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{810E95C2-F908-4E02-9B28-B92C3A778D0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{399A8818-2000-436C-9A55-0016E5E3D227}
HKEY_CLASSES_ROOT\interface\{05ef74a5-e109-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}
HKEY_CLASSES_ROOT\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}
HKEY_CLASSES_ROOT\interface\{16410859-886f-4579-bc1f-330a139d0f0f}
HKEY_CLASSES_ROOT\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}
HKEY_CLASSES_ROOT\interface\{3f44b498-8fd4-4a1e-852c-170156ed27c0}
HKEY_CLASSES_ROOT\interface\{52889e01-cb46-11d2-96bc-00104b242e64}
HKEY_CLASSES_ROOT\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}
HKEY_CLASSES_ROOT\interface\{399a8818-2000-436c-9a55-0016e5e3d227}
HKEY_CLASSES_ROOT\interface\{f10493c1-d0b6-11d2-a566-444553540000}
HKEY_CLASSES_ROOT\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}
HKEY_CLASSES_ROOT\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}
HKEY_CLASSES_ROOT\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}
scanne wieder mit Counterspy und poste das log
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: