ICQ + IE crash immediately after startup!

Thread is closed!
09.09.2006, 15:35
Member

Posts: 37
#1 Hi,
lately I've had a pretty extreme problem.
For about a week now, my Internet Explorer as well as my ICQ keep crashing every now and then with this
"xyz has encountered a problem and needs to close"
message.
Since this morning I only need to log in to ICQ or start IE and the message appears right away.
I guess I've caught something really nasty, and I hope I can fix the problem without formatting.

Here is my Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 15:33:27, on 09.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
e:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Razer\razerhid.exe
C:\Programme\Razer\razerofa.exe
D:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\ElkCtrl.exe
D:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
E:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Dokumente und Einstellungen\Freestyler\Desktop\AntivirenZeugs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lastminute-auction.com/de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D679557D4E2139CF - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razertra] C:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "e:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "d:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "d:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{984E62DF-99C2-425F-BEB2-8F5935F94241}: NameServer = 192.168.0.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - e:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


Hopefully you can help me! ;)

Best regards, Julien
09.09.2006, 16:23
Honorary member
Sabina

Posts: 29434
#2 1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\zango
HKEY_CURRENT_USER\SOFTWARE\zango

Files to delete:
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\WINDOWS\Downloaded Program Files\SAIX.dll

Folders to delete:
C:\Programme\Zango
C:\Program Files\Zango Programs
C:\Programme\MyGlobalSearch

Click the green traffic light.
The script will now be executed, then the PC will restart automatically.

2.
Post the Avenger log that appears.

3.
Open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D679557D4E2139CF - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

Restart the PC

4.
Run CleanUp
http://virus-protect.org/cleanup.html

5.
Scan with Counterspy, set everything to remove
http://virus-protect.org/counterspy.html
and post the scan report
__________
Best regards, Sabina

all about PC security
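
A triage pass over HijackThis entries like the ones ticked in step 3 above, as an added example that is not part of the thread or of HijackThis itself. The names `triage` and `Finding` and the three rules are assumptions made for this sketch; the sample lines are copied from the log in post #1 and the watched folders from the Avenger script in post #2.

```python
import re
from typing import NamedTuple

# Folders from the "Folders to delete" section of the Avenger script in post #2,
# lowercased so the comparison is case-insensitive.
WATCHED_FOLDERS = (
    r"c:\programme\zango",
    r"c:\program files\zango programs",
    r"c:\programme\myglobalsearch",
)

# A HijackThis entry line starts with a section code such as R0, O2 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


class Finding(NamedTuple):
    code: str        # section code, e.g. "O4"
    reasons: tuple   # which heuristic rules matched
    line: str        # the original log line


def triage(log_text):
    """Return the entry lines worth a manual look, with the reason for each.

    Heuristic rules (assumptions of this sketch, not HijackThis behaviour):
      orphaned       - entry points at a file that no longer exists
      watched-folder - entry loads from a folder on the removal list
      empty-value    - R0/R1 browser setting with nothing after '='
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process list or blank line
        code, body = match.group("code"), match.group("body")
        lowered = body.lower()
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        # Append a backslash so "zango" does not match a sibling like "zangox".
        if any(folder + "\\" in lowered for folder in WATCHED_FOLDERS):
            reasons.append("watched-folder")
        if code in ("R0", "R1") and body.endswith("="):
            reasons.append("empty-value")
        if reasons:
            findings.append(Finding(code, tuple(reasons), line))
    return findings


# Lines copied from the HijackThis log in post #1 (a subset, not the whole log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - e:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4}{','.join(finding.reasons):<16}{finding.line}")
```

The result is a review list, not a fix list: it also flags the `O3 - Toolbar: ICQ Toolbar ... (no file)` line, which is not among the entries quoted in step 3.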
09.09.2006, 16:57
Member

Thread starter

Posts: 37
#3 1. Avenger log

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\SOFTWARE\zango


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\evbtpiff

*******************

Script file located at: \??\C:\Program Files\nbvxhkus.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Downloaded Program Files\ClientAX.dll deleted successfully.


File C:\WINDOWS\Downloaded Program Files\SAIX.dll not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\SAIX.dll failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\SAIX.dll
Status: 0xc0000034

Folder C:\Programme\Zango deleted successfully.


Folder C:\Program Files\Zango Programs not found!
Deletion of folder C:\Program Files\Zango Programs failed!

Could not process line:
C:\Program Files\Zango Programs
Status: 0xc0000034

Folder C:\Programme\MyGlobalSearch deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\zango deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
09.09.2006, 16:58
Honorary member
Sabina

Posts: 29434
#4 4.
Run CleanUp
http://virus-protect.org/cleanup.html

5.
Scan with Counterspy, set everything to remove
http://virus-protect.org/counterspy.html
and post the scan report
__________
Best regards, Sabina

all about PC security
09.09.2006, 17:45
Member

Thread starter

Posts: 37
#5 To be able to press the Take Action button after the CS scan, I need a reg key.

That's probably because I had already used Counterspy some time ago when I had a problem and posted it here in the forum. ;)
09.09.2006, 17:52
Honorary member
Sabina

Posts: 29434
#6 then just post the report, I'll see what I can do ;)
__________
Best regards, Sabina

all about PC security
09.09.2006, 19:13
Member

Thread starter

Posts: 37
#7 Spyware Scan Details
Start Date: 09.09.2006 17:07:08
End Date: 09.09.2006 17:40:14
Total Time: 33 mins 6 secs

Detected spyware

WildTangent Low Risk Adware more information...
Details: WildTangent is an online gaming plugin bundle from Wildtangent.com similar to Macromedia’s flash. WildTangent uses a built in required feature that is used to provide adware based advertising to the user.
Status: Ignored

Infected files detected
c:\windows\wt\wtvh.dll
c:\windows\wt\wtwmplug.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{111D8B01-96C5-46DD-94D1-C6E8B1F69F44} IWTVisualizer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16410859-886F-4579-BC1F-330A139D0F0F} IWTOnLoadEvent
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{35ED7DFB-A8ED-4216-A4BB-BC08C326EF08} IWTCollisionInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{52889E01-CB46-11D2-96BC-00104B242E64} IWTCamera
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E6CF8E5-D795-11D2-A566-444553540000} IWTBitmap
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79884200-3ADE-11D3-AC39-00105A2057FA} IWTFile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA0C96F9-A994-42D7-9543-842CF85E1BA7} IWTJoystick
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDB9B021-CAFF-11D2-9780-00104B242EA3} IWT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AA46-CA9B-11D2-9780-00104B242EA3} IWTGroup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib {FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA13AAFA-CA9B-11D2-9780-00104B242EA3} IWTAudioClip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\0\win32 C:\WINDOWS\wt\webdriver.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\FLAGS 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0\HELPDIR C:\WINDOWS\wt\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}\1.0 WebDriver 1.0 Type Library


BearShare P2P more information...
Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
Status: Ignored

Infected files detected
D:\Programme\BearShare\BSidle.dll
d:\programme\bearshare\runmsc.dll

Infected registry entries detected


WhenU.SaveNow Adware more information...
Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
Status: Ignored

Infected files detected
D:\Programme\BearShare\RunMSC.dll
D:\Programme\BearShare\Webstats.exe
D:\Programme\BearShare\Webstats.ini

Infected registry entries detected


Neoturk RAT more information...
Status: Ignored

Infected files detected
D:\Programme\Valve\Steam\SteamApps\freestyler4ever\counter-strike source\cstrike\sound\admin_plugin\hlvb.wav


RBot.steam Trojan more information...
Status: Ignored

Infected files detected
E:\Programme\Half life\platform\steam_dev.exe


Zango Search Assistant Adware more information...
Details: Zango Search Assistant opens new browser windows showing websites based on the previous websites you visit.
Status: Ignored

Infected registry entries detected


My Search Bar Potentially Unwanted Software more information...
Status: Ignored

Infected registry entries detected
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_CLASSES_ROOT\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32 C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL


180search Assistant Adware more information...
Details: 180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.
Status: Ignored

Infected registry entries detected


Adw.MyGlobalSearch.Toolbar Toolbar
Details: Adw.MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Ignored

Infected registry entries detected
10.09.2006, 00:20
Honorary member
Sabina

Posts: 29434
#8 No, that is too much for me; I'd still be sitting at it tomorrow if I did a cleanup with the Avenger...

* uninstall CounterSpy

* Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in:

Quote

registry keys to delete:
HKEY_CURRENT_USER\Software\zango
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}

Folders to delete:
D:\Programme\BearShare
c:\windows\wt
Click the green traffic light.
The script will now be executed, then the PC will restart automatically.

* download, scan and post the scan report
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Best regards, Sabina

All about PC security
10.09.2006, 02:23
Member

Thread starter

Posts: 37
#9 So,
finally done^^
That program really does take forever to scan =>

SUPERAntiSpyware Scan Log
Generated 09/10/2006 at 01:38 AM

Core Rules Database Version : 3078
Trace Rules Database Version: 1113

Memory Thread detected : 0
Registry Thread detected : 133
File Thread detected : 50

Adware.MyWay
HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32
C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Adware.MyGlobalSearchBar

Adware.Zango
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56F1D444-11BF-4879-A12B-79CF0177F038}

Adware.Tracking Cookie

Adware.180solutions/ZangoSearch

Adware.180solutions/Search Assistant

BearShare File Sharing Client
D:\Programme\BearShare\BearShare.exe
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BearShare.lnk
C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
C:\Dokumente und Einstellungen\Freestyler\Desktop\Verknüpfungen usw\Bearshare\BearShare.lnk
C:\System Volume Information\_restore{A5864215-ABDF-42F8-945F-93AF85B0410E}\RP522\A0099235.lnk
C:\System Volume Information\_restore{A5864215-ABDF-42F8-945F-93AF85B0410E}\RP545\A0102082.lnk

Unclassified.Unknown Origin
C:\Programme\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\Restart.exe

Adware.Zango Toolbar
C:\System Volume Information\_restore{A5864215-ABDF-42F8-945F-93AF85B0410E}\RP505\A0098525.dll
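
A way to cross-check the removal script from post #8 against a later scan report such as the one in post #9, as an added example that is not part of the thread or of any tool named in it. The report sample is constructed in the report's format from entries shown on this page; the function names and the hive-alias normalisation (HKLM\Software\Classes treated as HKCR, HKU\<SID> treated as HKCU) are assumptions of this sketch.

```python
import re

# Long hive names as written in the removal script -> short form used by the report.
HIVE_ALIASES = {
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
}

# The script from post #8, copied as posted.
AVENGER_SCRIPT = r"""
registry keys to delete:
HKEY_CURRENT_USER\Software\zango
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKEY_CLASSES_ROOT\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}

Folders to delete:
D:\Programme\BearShare
c:\windows\wt
"""

# Constructed sample: a few entries in the scan report's layout
# (category line, then one path per line, "#" separating key and value name).
SCAN_REPORT = r"""
Adware.MyWay
HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}\InprocServer32
C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Adware.MyGlobalSearchBar
HKLM\Software\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel

Adware.180solutions/ZangoSearch
HKU\S-1-5-21-1644491937-2025429265-725345543-1003\Software\Zango
HKCR\ClientAX.ClientInstaller

BearShare File Sharing Client
D:\Programme\BearShare\BearShare.exe
"""


def normalize(path):
    """Reduce a registry or file path to a comparable lower-case form."""
    p = path.strip().rstrip("\\")
    head, sep, rest = p.partition("\\")
    head = HIVE_ALIASES.get(head.upper(), head)
    is_registry = head.upper() in HIVE_ALIASES.values()
    if is_registry:
        rest = rest.split("#", 1)[0]  # drop the report's "#ValueName" suffix
    p = (head + sep + rest).lower()
    if is_registry:
        # Assumption: HKCR is compared as the machine-wide class store only.
        p = re.sub(r"^hklm\\software\\classes(?=\\|$)", "hkcr", p)
        # Assumption: the SID in the report belongs to the user who ran the script.
        p = re.sub(r"^hku\\s-1-5-21-[\d-]+(?=\\|$)", "hkcu", p)
    return p


def parse_avenger_targets(script):
    """Return every path listed under a '... to delete:' directive."""
    targets, in_section = [], False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().endswith("to delete:"):
            in_section = True
        elif in_section:
            targets.append(line)
    return targets


def parse_report(report):
    """Return (category, path) pairs; a line without a backslash names a category."""
    entries, category = [], None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if "\\" in line:
            entries.append((category, line))
        else:
            category = line
    return entries


def cross_check(script, report):
    """Map each script target to the report entries at or below that path."""
    entries = [(cat, raw, normalize(raw)) for cat, raw in parse_report(report)]
    result = {}
    for target in parse_avenger_targets(script):
        t = normalize(target)
        result[target] = [(cat, raw) for cat, raw, n in entries
                          if n == t or n.startswith(t + "\\")]
    return result


if __name__ == "__main__":
    for target, hits in cross_check(AVENGER_SCRIPT, SCAN_REPORT).items():
        print(("LISTED     " if hits else "not listed ") + target)
        for category, raw in hits:
            print("    [%s] %s" % (category, raw))
```

A hit only means the report lists something at or below a script target; whether that item survived the cleanup depends on the report having been generated after the script ran.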
10.09.2006, 12:44
Honorary member
Sabina

Posts: 29434
#10 Now post the new HijackThis log.

Then download Firefox and browse only with that browser from now on; IE stays for Windows Updates.
http://virus-protect.org/firefox.html
__________
Best regards, Sabina

All about PC security
10.09.2006, 13:38
Member

Thread starter

Posts: 37
#11 Hmm, all right.
I'll try to stick to it^^

Logfile of HijackThis v1.99.1
Scan saved at 13:37:50, on 10.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
e:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Programme\Razer\razertra.exe
C:\Programme\Razer\razerhid.exe
D:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Razer\razerofa.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
D:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Freestyler\Desktop\AntivirenZeugs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lastminute-auction.com/de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [razertra] C:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "e:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "d:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programme\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programme\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "d:\Programme\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{984E62DF-99C2-425F-BEB2-8F5935F94241}: NameServer = 192.168.0.1
O20 - Winlogon Notify: SASWinLogon - D:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - e:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
10.09.2006, 14:11
Honorary member
Sabina

Posts: 29434
#12 Fix with HijackThis:

Quote

O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

Fix these so they are removed from autostart:

O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
Restart the PC.

Reinstall ICQLite.

----------------------------------------------------

Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

**
Using IE: scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
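
The entries that reply #12 asks to fix are the ones HijackThis marks `(no file)`: registry leftovers that still register a BHO or toolbar whose DLL is gone. The sketch below is an added example, not part of the original thread or of HijackThis itself; it parses log lines in the format posted above and lists such orphaned entries. The function names are hypothetical, and the sample is an excerpt of the log in this thread.

```python
import re

# Excerpt of the HijackThis 1.99.1 log posted in this thread, embedded as sample input.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [razertra] C:\Programme\Razer\razertra.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Entry lines start with a section code such as R0, O2, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Yield (section_code, body) per entry line; header and process lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def orphaned_entries(log_text):
    """Return entries whose target file no longer exists, with the CLSID where present."""
    found = []
    for code, body in parse_entries(log_text):
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        if marker is None:
            continue
        clsid = CLSID.search(body)
        found.append({"section": code,
                      "clsid": clsid.group(0) if clsid else None,
                      "reason": marker,
                      "entry": body})
    return found


if __name__ == "__main__":
    for hit in orphaned_entries(SAMPLE_LOG):
        print(f'{hit["section"]:>3}  {hit["reason"]:<14}  {hit["clsid"] or "-"}')
```

A hit only means the registration points at a missing file; whether to fix it still depends on what the entry belonged to.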
10.09.2006, 19:52
Member

Thread starter

Posts: 37
#13

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Programme\Mozilla Firefox\plugins\NPMyGlSh.dll
Adware:adware/atlas Not disinfected c:\windows\switpc.dat
Adware:adware/ist.istbar Not disinfected c:\programme\gemeinsame dateien\Totem Shared
Adware:adware/cws Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\MyGlobalSearch
Potentially unwanted tool:application/myway Not disinfected hkey_classes_root\clsid\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/comet Not disinfected Windows Registry
Potentially unwanted tool:Application/Zango Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/ClientAX.dll]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/MyGlobalSearch/bar/1.bin/M9PLUGIN.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/MyGlobalSearch/bar/1.bin/MGSBAR.DLL]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/MyGlobalSearch/bar/1.bin/NPMYGLSH.DLL]
Potentially unwanted tool:Application/Zango Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/Zango/zango.exe]
Potentially unwanted tool:Application/Zango Not disinfected C:\avenger\backup-10.09.2006- 0.47.20,84.zip[avenger/Zango/zangohook.dll]
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Mozilla\Firefox\Profiles\ermb26za.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Mozilla\Firefox\Profiles\ermb26za.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Mozilla\Firefox\Profiles\ermb26za.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Mozilla\Firefox\Profiles\ermb26za.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Freestyler\Anwendungsdaten\Mozilla\Firefox\Profiles\ermb26za.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@2o7[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@advertising[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@as1.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@com[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@cs.sexcounter[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@doubleclick[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@sexlist[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Freestyler\Cookies\freestyler@tradedoubler[2].txt
Potentially unwanted tool:Application/Zango Not disinfected C:\Programme\Mozilla Firefox\plugins\npclntax.dll
Potentially unwanted tool:Application/Zango Not disinfected D:\Programme\BearShare\BearShareZangoInstaller.exe
10.09.2006, 21:44
Honorary member
Sabina

Posts: 29434
#14 nix1990

Avenger

Quote

Files to delete:
C:\Programme\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Programme\Mozilla Firefox\plugins\npclntax.dll
c:\windows\switpc.dat
D:\Programme\BearShare\BearShareZangoInstaller.exe

Folders to delete:
D:\Programme\BearShare
C:\Programme\Gemeinsame Dateien\Totem Shared
**
Delete all of Avenger's backups:
C:\avenger\backup-10.09.2006- 0.47.20,84.zip

**
Don't download any more junk if you want to surf the net in peace in the future... see: BearShare
__________
Regards, Sabina

All about PC security
10.09.2006, 22:19
Member

Thread starter

Posts: 37
#15 Hm, yes, I do know that BearShare brings in a load of unwanted stuff. But where else is one supposed to get one's music illegally? ;)
Can you recommend a safe file-sharing program?

Oh, and one more quick question. I know this doesn't belong here and that probably nobody can help me with it.
But ever since lightning struck here months ago and cut the power, my PC thinks my Windows version is counterfeit and keeps nagging me to buy a new one.
There's nothing you can do about that except actually buy a new one, right?


Thanks in advance ;)
Regards, Julien