Wie kann ich SpySheriff, NDotNEt und Spayware.MArketscore löschen?

#0
24.11.2006, 20:23
...neu hier

Beiträge: 6
#1 Hallo!
Kann mir bitte Jemand helfen? Ich habe durch das Internet wahrscheinlich ein Virus eingefangen dass mir am Anfang pausenlos Browser-Fenster neu angezeigt hat (die ich doch noch schließen konnte) und seitdem, ständig eine Systemgefährdungsmeldung in der Taskleiste anzeigt. Northon Antivirus meldet 9 möglische Risiko Quellen, löscht diese aber nicht. Hier die Pfade und anschließend die Logfile (hoffe das reicht vorerst, danke):


c:\WIN\System32\dcwaah.dll Ad.Spysheriff
c:\windows\NDNuninstall7 22.exe Ad.NDotNet
c:\Programme\NewDotNet\newdotnet7 22.exe Ad.NDotNet
c:\WIN\Syst32\rk.bin Spyware.Marketscore
c:\WIN\Syst32\rlls.dll Spyware.Marketscore
c:\WIN\Syst32\rlvknlg.exe Spyware.Marketscore
c:\Dokumente und Einstellunegn\walid\Lokale Einstellungen\Temp\SHNT288.exe Ad. NDotNet
c:\Program Files\PestTrap\uninstall.exe Ad.NDotNet
c:\Progam Files\NewDotNet\uninstall7.exe Ad.NDotNet




Logfile of HijackThis v1.99.1
Scan saved at 19:31:37, on 24.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Samsung\Samsung Command Center\PIC_UI.exe
C:\PROGRA~1\Samsung\SA8644~1\SAMSUN~1.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programme\Macrogaming\SweetIM\SweetIM.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Messenger\msmsgs.exe
C:\DOKUME~1\walid\LOKALE~1\Temp\Rar$EX00.953\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [AVStation premium] "C:\Programme\Samsung\AVStation premium\bin\AVStation agent.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SamsungPIC] C:\Programme\Samsung\Samsung Command Center\PIC_UI.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programme\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
Seitenanfang Seitenende
24.11.2006, 22:15
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Sayf

1.
LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing" -- Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen) + Remove

2.
poste bitte dieses log
http://virus-protect.org/artikel/tools/combofix.html

3.
wende Cleanup an
http://virus-protect.org/cleanup.html

4.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Eigene Dateien" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temporary Internet Files\Content.IE5" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
24.11.2006, 23:10
...neu hier

Themenstarter

Beiträge: 6
#3 Hallo Sabina!
Vielen vielen Dank für die schnelle Antwort hier die log von combofix:



walid - 06-11-24 23:02:38,46 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Dokumente und Einstellungen\walid\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-24 to 2006-11-24 ))))))))))))))))))))))))))))))))))


2006-11-24 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2006-11-24 19:22 <DIR> d-------- C:\Programme\CleanUp!
2006-11-24 09:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\iS3
2006-11-24 09:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZILLAbar
2006-11-24 09:08 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
2006-11-24 02:22 <DIR> d-------- C:\Programme\SPYWAREfighter
2006-11-24 02:18 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Google
2006-11-24 02:17 <DIR> d-------- C:\Programme\Spyware Doctor
2006-11-24 02:17 <DIR> d-------- C:\Programme\Google
2006-11-24 02:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2006-11-24 02:13 <DIR> d-------- C:\Programme\MalwareWiper
2006-11-24 02:01 <DIR> d-------- C:\Programme\Antivirus-Golden
2006-11-24 01:45 <DIR> d-------- C:\Program Files
2006-11-24 00:33 77,824 --a------ C:\WINDOWS\system32\dcvwaah.dll
2006-11-24 00:33 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-24 00:32 <DIR> d-------- C:\Programme\Gold Codec
2006-11-22 17:26 <DIR> d-------- C:\Programme\Macrogaming
2006-11-22 03:26 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
2006-11-22 03:26 <DIR> d-------- C:\Programme\MyWebSearch
2006-11-22 03:25 315,392 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-22 03:25 <DIR> d-------- C:\Programme\FunWebProducts
2006-11-22 03:23 183,296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-11-22 03:22 1,429,504 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-22 03:21 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-22 03:21 <DIR> d-a-s---- C:\Programme\NewDotNet
2006-11-19 13:27 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-19 13:27 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-18 15:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Live Toolbar
2006-11-18 15:04 <DIR> d-------- C:\Programme\Windows Live Toolbar
2006-11-18 15:03 <DIR> d-------- C:\Programme\MSN Messenger
2006-11-16 00:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-14 20:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-13 22:28 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\MSNInstaller
2006-11-12 03:00 <DIR> d-------- C:\Programme\WinRAR
2006-11-12 01:38 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Contacts
2006-11-11 05:46 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Nokia Multimedia Player
2006-11-10 14:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2006-11-10 14:55 <DIR> d-------- C:\Programme\DIFX
2006-11-10 14:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
2006-11-08 21:49 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-08 21:49 <DIR> d-------- C:\WINDOWS\system32\de-de
2006-11-08 21:46 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-08 21:44 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-08 21:43 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-08 21:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2006-11-08 20:57 <DIR> d-------- C:\Programme\SymNetDrv
2006-11-06 00:51 <DIR> d-------- C:\Dokumente und Einstellungen\walid\runtime-EclipseApplication
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 23:55 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\CyberLink
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Phone Browser
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Nokia
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\DataLayer
2006-10-29 20:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-10-29 20:35 <DIR> d-------- C:\Programme\Nokia
2006-10-29 20:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2006-10-29 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\PC Suite
2006-10-29 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-24 10:17 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-24 21:17 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-24 21:11 869 --a------ C:\Dokumente und Einstellungen\walid\Anwendungsdaten\AdobeDLM.log
2006-11-24 21:11 0 --a------ C:\Dokumente und Einstellungen\walid\Anwendungsdaten\dm.ini
2006-11-24 21:11 -------- d-------- C:\Programme\Adobe
2006-11-24 21:03 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-11-24 00:43 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Skype
2006-11-23 23:12 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\AdobeUM
2006-11-22 17:26 -------- d---s---- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Microsoft
2006-11-22 03:26 -------- d-------- C:\Programme\Internet Explorer
2006-11-19 17:47 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-11-18 15:00 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-11-13 22:28 -------- d-------- C:\Programme\MSN
2006-11-08 20:59 -------- d-------- C:\Programme\Norton AntiVirus
2006-11-08 20:58 -------- d-------- C:\Programme\Symantec
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 23:56 -------- d-------- C:\Programme\Windows Media Player
2006-10-14 23:56 -------- d-------- C:\Programme\Messenger
2006-10-14 23:52 -------- d-------- C:\Programme\Outlook Express
2006-10-14 23:52 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-10-14 22:52 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Macromedia
2006-10-14 19:53 -------- d-------- C:\Programme\Microsoft.NET
2006-10-14 19:51 -------- d-------- C:\Programme\Microsoft Office
2006-10-14 19:51 -------- d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 19:24 -------- d-------- C:\Programme\Canon
2006-10-08 20:34 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Adobe
2006-10-08 14:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Real
2006-10-08 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-10-08 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-10-08 14:20 -------- d-------- C:\Programme\Real
2006-10-08 10:56 -------- d-------- C:\Programme\Skype
2006-10-08 00:53 -------- d-------- C:\Programme\Hewlett-Packard
2006-10-07 23:24 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Symantec
2006-10-07 23:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Samsung Electronics
2006-10-07 23:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Help
2006-10-07 23:19 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-07 23:19 -------- d-------- C:\Programme\Samsung
2006-10-07 23:14 -------- d-------- C:\Programme\CyberLink
2006-10-07 23:13 -------- d-------- C:\Programme\Ahead
2006-10-07 23:12 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-10-07 23:08 -------- d-------- C:\Programme\PIC
2006-10-07 23:07 -------- d-------- C:\Programme\MSXML 4.0
2006-10-07 23:06 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-07 23:05 -------- d-------- C:\Programme\Synaptics
2006-10-07 23:05 -------- d-------- C:\Programme\SRS Labs
2006-10-07 23:05 -------- d-------- C:\Programme\ltmoh
2006-10-07 23:04 -------- d-------- C:\Programme\Analog Devices
2006-10-07 23:03 -------- d-------- C:\Programme\Intel
2006-10-07 23:02 -------- d-------- C:\Programme\ATI Technologies
2006-10-07 20:34 -------- d-------- C:\Programme\MATLAB
2006-10-07 20:17 -------- d--h----- C:\Programme\Uninstall Information
2006-10-07 20:17 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Identities
2006-10-07 20:15 -------- d-------- C:\Programme\Java
2006-10-07 20:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-10-07 20:09 62 --ahs---- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\desktop.ini
2006-10-07 20:09 -------- d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2006-10-07 20:09 -------- d-------- C:\Programme\Gemeinsame Dateien\ODBC
2006-10-07 20:05 -------- d-------- C:\Programme\xerox
2006-10-07 20:05 -------- d-------- C:\Programme\microsoft frontpage
2006-10-07 20:04 0 -rahs---- C:\MSDOS.SYS
2006-10-07 20:04 0 -rahs---- C:\IO.SYS
2006-10-07 20:04 0 --a------ C:\CONFIG.SYS
2006-10-07 20:04 0 --a------ C:\AUTOEXEC.BAT
2006-10-07 20:03 -------- d--h----- C:\Programme\WindowsUpdate
2006-10-07 20:03 -------- d-------- C:\Programme\Online-Dienste
2006-10-07 20:02 -------- d-------- C:\Programme\NetMeeting
2006-10-07 20:02 -------- d-------- C:\Programme\Movie Maker
2006-10-07 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2006-10-07 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-10-07 20:01 -------- d-------- C:\Programme\ComPlus Applications
2006-10-07 20:00 -------- d-------- C:\Programme\Windows NT
2006-10-07 20:00 -------- d-------- C:\Programme\Online Services
2006-10-07 20:00 -------- d-------- C:\Programme\MSN Gaming Zone
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:42 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="~\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"SweetIM"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Programme\\ltmoh\\Ltmoh.exe"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"AVStation premium"="\"C:\\Programme\\Samsung\\AVStation premium\\bin\\AVStation agent.exe\""
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"SamsungPIC"="C:\\Programme\\Samsung\\Samsung Command Center\\PIC_UI.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"SweetIM"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prfen - walid.job

Completion time: 06-11-24 23:03:05.92
C:\ComboFix.txt ... 06-11-24 23:03
C:\ComboFix2.txt ... 06-11-24 23:00






...und hier der Text aus listen.bat nachdem ich Cleanup angewendet habe:







Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS\Downloaded Program Files

14.07.2005 17:28 365 f3initialsetup1.0.0.15.inf
09.11.2006 14:36 5.019 swflash.inf
2 Datei(en) 5.384 Bytes
0 Verzeichnis(se), 35.193.417.728 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid

24.11.2006 19:40 <DIR> .
24.11.2006 19:40 <DIR> ..
24.10.2006 17:43 155 .appletviewer
07.10.2006 23:35 <DIR> Application Data
13.11.2006 20:07 <DIR> Contacts
24.11.2006 23:20 <DIR> Desktop
24.11.2006 00:00 <DIR> Eigene Dateien
24.11.2006 00:33 <DIR> Favoriten
29.10.2006 21:32 <DIR> Phone Browser
06.11.2006 00:51 <DIR> runtime-EclipseApplication
24.11.2006 10:02 <DIR> Startmen
23.11.2006 23:05 <DIR> workspace
1 Datei(en) 155 Bytes
11 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid\Eigene Dateien

24.11.2006 00:00 <DIR> .
24.11.2006 00:00 <DIR> ..
07.10.2006 23:09 <DIR> AVStation Premium
10.10.2006 12:29 <DIR> CyberLink
22.11.2006 23:26 <DIR> Eigene Bilder
08.10.2006 20:34 <DIR> Eigene eBooks
19.11.2006 21:33 <DIR> Eigene Musik
18.11.2006 22:12 <DIR> Eigene Videos
24.11.2006 10:04 597 Meine freigegebenen Ordner.lnk
12.11.2006 03:40 <DIR> My Skype Pictures
22.11.2006 23:59 <DIR> Privat
15.11.2006 19:38 <DIR> Wissam
1 Datei(en) 597 Bytes
11 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Program Files

24.11.2006 01:45 <DIR> .
24.11.2006 01:45 <DIR> ..
24.11.2006 02:44 <DIR> PestTrap
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid\Lokale Einstellungen\Temporary Internet Files\Content.IE5

24.11.2006 23:15 245.760 index.dat
1 Datei(en) 245.760 Bytes
0 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid\Lokale Einstellungen\Temp

24.11.2006 23:15 <DIR> .
24.11.2006 23:15 <DIR> ..
24.11.2006 21:19 426 Acr6F09.tmp
24.11.2006 21:19 426 Acr6F0A.tmp
24.11.2006 23:15 0 JETDCB1.tmp
24.11.2006 23:15 0 JETDD8C.tmp
24.11.2006 23:15 206 jusched.log
24.11.2006 23:15 0 PICLog.log
6 Datei(en) 1.058 Bytes
2 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS\Temp

24.11.2006 23:15 <DIR> .
24.11.2006 23:15 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 35.193.413.632 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Programme

24.11.2006 23:15 <DIR> .
24.11.2006 23:15 <DIR> ..
24.11.2006 21:11 <DIR> Adobe
07.10.2006 23:13 <DIR> Ahead
07.10.2006 23:04 <DIR> Analog Devices
24.11.2006 02:40 <DIR> Antivirus-Golden
07.10.2006 23:02 <DIR> ATI Technologies
12.10.2006 19:24 <DIR> Canon
24.11.2006 19:22 <DIR> CleanUp!
07.10.2006 20:01 <DIR> ComPlus Applications
07.10.2006 23:14 <DIR> CyberLink
16.11.2006 00:15 <DIR> DIFX
22.11.2006 05:19 <DIR> FunWebProducts
24.11.2006 23:15 <DIR> Gemeinsame Dateien
24.11.2006 09:12 <DIR> Gold Codec
24.11.2006 02:19 <DIR> Google
08.10.2006 00:53 <DIR> Hewlett-Packard
07.10.2006 23:03 <DIR> Intel
22.11.2006 03:26 <DIR> Internet Explorer
07.10.2006 20:15 <DIR> Java
07.10.2006 23:05 <DIR> ltmoh
22.11.2006 17:26 <DIR> Macrogaming
24.11.2006 10:02 <DIR> MalwareWiper
07.10.2006 20:34 <DIR> MATLAB
14.10.2006 23:56 <DIR> Messenger
07.10.2006 20:05 <DIR> microsoft frontpage
14.10.2006 19:51 <DIR> Microsoft Office
14.10.2006 19:53 <DIR> Microsoft.NET
07.10.2006 20:02 <DIR> Movie Maker
13.11.2006 22:28 <DIR> MSN
07.10.2006 20:00 <DIR> MSN Gaming Zone
23.11.2006 01:00 <DIR> MSN Messenger
07.10.2006 23:07 <DIR> MSXML 4.0
22.11.2006 03:26 <DIR> MyWebSearch
07.10.2006 20:02 <DIR> NetMeeting
10.11.2006 14:55 <DIR> Nokia
08.11.2006 20:59 <DIR> Norton AntiVirus
07.10.2006 20:00 <DIR> Online Services
07.10.2006 20:03 <DIR> Online-Dienste
14.10.2006 23:52 <DIR> Outlook Express
07.10.2006 23:08 <DIR> PIC
08.10.2006 14:20 <DIR> Real
07.10.2006 23:19 <DIR> Samsung
08.10.2006 10:56 <DIR> Skype
24.11.2006 09:57 <DIR> Spyware Doctor
24.11.2006 08:50 <DIR> SPYWAREfighter
07.10.2006 23:05 <DIR> SRS Labs
08.11.2006 20:58 <DIR> Symantec
08.11.2006 20:57 <DIR> SymNetDrv
07.10.2006 23:05 <DIR> Synaptics
24.11.2006 02:44 <DIR> Virus-Bursters
23.11.2006 00:37 <DIR> Windows Live Toolbar
14.10.2006 23:56 <DIR> Windows Media Player
07.10.2006 20:00 <DIR> Windows NT
12.11.2006 03:00 <DIR> WinRAR
07.10.2006 20:05 <DIR> xerox
0 Datei(en) 0 Bytes
56 Verzeichnis(se), 35.193.409.536 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid\Lokale Einstellungen\Anwendungsdaten

24.11.2006 21:18 <DIR> Adobe
14.10.2006 20:01 <DIR> Ahead
22.11.2006 23:59 47.104 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19.10.2006 23:17 42.168 GDIPFONTCACHEV1.DAT
08.10.2006 14:21 <DIR> Google
07.10.2006 23:22 <DIR> Help
14.11.2006 23:06 <DIR> Microsoft
07.10.2006 20:15 <DIR> {3248F0A6-6813-11D6-A77B-00B0D0150000}
2 Datei(en) 89.272 Bytes
6 Verzeichnis(se), 35.193.409.536 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\walid\Anwendungsdaten

08.10.2006 20:34 <DIR> Adobe
24.11.2006 21:11 869 AdobeDLM.log
23.11.2006 23:12 <DIR> AdobeUM
31.10.2006 23:55 <DIR> CyberLink
29.10.2006 20:43 <DIR> DataLayer
24.11.2006 21:11 0 dm.ini
24.11.2006 02:32 <DIR> Google
07.10.2006 23:22 <DIR> Help
07.10.2006 20:17 <DIR> Identities
14.10.2006 22:52 <DIR> Macromedia
13.11.2006 22:28 <DIR> MSNInstaller
29.10.2006 20:43 <DIR> Nokia
11.11.2006 05:46 <DIR> Nokia Multimedia Player
10.11.2006 14:58 <DIR> PC Suite
08.10.2006 14:22 <DIR> Real
07.10.2006 23:22 <DIR> Samsung Electronics
24.11.2006 00:43 <DIR> Skype
07.10.2006 23:24 <DIR> Symantec
2 Datei(en) 869 Bytes
16 Verzeichnis(se), 35.193.405.440 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

24.11.2006 21:13 <DIR> Adobe
07.10.2006 23:14 <DIR> CyberLink
10.11.2006 14:54 <DIR> Downloaded Installations
24.11.2006 02:17 <DIR> Google
10.11.2006 14:58 <DIR> PC Suite
07.10.2006 23:22 <DIR> Samsung Electronics
24.11.2006 09:50 <DIR> STOPzilla!
07.10.2006 23:22 <DIR> Symantec
08.11.2006 21:39 <DIR> Windows Genuine Advantage
18.11.2006 15:05 <DIR> Windows Live Toolbar
24.11.2006 09:19 <DIR> ZILLAbar
0 Datei(en) 0 Bytes
11 Verzeichnis(se), 35.193.405.440 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Programme\Gemeinsame Dateien

24.11.2006 23:15 <DIR> .
24.11.2006 23:15 <DIR> ..
24.11.2006 21:03 <DIR> Adobe
07.10.2006 23:12 <DIR> Ahead
14.10.2006 19:51 <DIR> DESIGNER
07.10.2006 20:02 <DIR> Dienste
07.10.2006 23:06 <DIR> InstallShield
24.11.2006 09:08 <DIR> iS3
07.10.2006 20:15 <DIR> Java
18.11.2006 15:00 <DIR> Microsoft Shared
07.10.2006 20:02 <DIR> MSSoap
10.11.2006 14:55 <DIR> Nokia
07.10.2006 20:09 <DIR> ODBC
10.11.2006 14:55 <DIR> PCSuite
08.10.2006 14:21 <DIR> Real
07.10.2006 20:09 <DIR> SpeechEngines
19.11.2006 17:47 <DIR> Symantec Shared
14.10.2006 23:52 <DIR> System
08.10.2006 14:21 <DIR> xing shared
0 Datei(en) 0 Bytes
19 Verzeichnis(se), 35.193.405.440 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\Windows\tasks

24.11.2006 20:00 568 Norton AntiVirus - Meinen Computer prfen - walid.job
1 Datei(en) 568 Bytes
0 Verzeichnis(se), 35.193.405.440 Bytes frei
Dieser Beitrag wurde am 24.11.2006 um 23:33 Uhr von Sayf editiert.
Seitenanfang Seitenende
25.11.2006, 00:17
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Antivirus-Golden

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

Gold Codec

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

MalwareWiper

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

PestTrap

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

--------------------------------------------------------------------------------

LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing" -- Remove
- und loesche die rlls.dll (eventuell musst du die dll von links nach rechts bringen) + Remove

---------------

Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gold Codec
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}
HKLM\SOFTWARE\Classes\CLSID\{40dcff6e-af8d-4183-8ebe-a82270ac449e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F83E8F99-AE49-45D6-92B4-59854BF0A759}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C97C3B7C-E022-4FA8-B1A7-1C28270FFAFF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareWiper.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareWiper
HKLM\SOFTWARE\MalwareWiper

Files to delete:
C:\WINDOWS\system32\dcvwaah.dll
C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\MalwareWiper 4.3.lnk
C:\Dokumente und Einstellungen\%UserName%\Desktop\MalwareWiper.lnk
C:\Dokumente und Einstellungen\%UserName%\Startmenü\MalwareWiper 4.3.lnk
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\system32\rlvknlg.exe
C:\WINDOWS\system32\sporder.dll

Folders to delete:
C:\Programme\Macrogaming
C:\Program Files\PestTrap
C:\Programme\Virus-Bursters
C:\Programme\MyWebSearch
C:\Programme\MalwareWiper
C:\Programme\Antivirus-Golden
C:\Programme\NewDotNet
C:\Programme\Gold Codec
C:\Programme\FunWebProducts
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZILLAbar
C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp\~nsu.tmp
C:\Dokumente und Einstellungen\%UserName%\Startmenü\Programme\MalwareWiper
Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html

---------------------
öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_22.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programme\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SweetIM] C:\Programme\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk789YYDE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

PC neustarten

**
scanne, stelle alles auf remove und poste den scanreport
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.11.2006, 02:25
...neu hier

Themenstarter

Beiträge: 6
#5 ...also hier die weiteren Schritte (nochmals vielen Dank):



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 25.11.2006 02:15:23 for strings:
; 'antivirus-golden'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Antivirus-Golden]

; End Of The Log...





REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 25.11.2006 02:17:55 for strings:
; 'gold codec'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006]
"UninstallString"="\"C:\\Programme\\Gold Codec\\iesuninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03]
"UninstallString"="\"C:\\Programme\\Gold Codec\\pmuninst.exe\""

[HKEY_USERS\S-1-5-21-1275210071-1004336348-725345543-1004\Software\Internet Security]
"Path"="C:\\Programme\\Gold Codec"

; End Of The Log...





REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 25.11.2006 02:19:23 for strings:
; 'malwarewiper'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400}\1.0\0\win32]
@="C:\\Programme\\MalwareWiper\\MalwareWiper.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96467F12-0518-4E85-AC6A-4858017F1400}\1.0\HELPDIR]
@="C:\\Programme\\MalwareWiper\\"

[HKEY_USERS\S-1-5-21-1275210071-1004336348-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MalwareWiper]

; End Of The Log...



REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 25.11.2006 02:21:12 for strings:
; 'pesttrap'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-1275210071-1004336348-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PestTrap]

; End Of The Log...





Mit LSPfix finde ich keine rlls.dll, ich konnte die also nicht löschen!



Nach der Anwendung von Avenger und anschließendem Neustart bekomme ich diese Fehlermeldungen: RUNDLL Fehler beim Laden von c:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL (diese verschwindet allerdings nach ausführen von Smitfraudfix) und es erscheint die Meldung "Eingeschränkte oder keine Konnektivität der Netzwerkverbindung" (ich komme also nicht mehr ins Internet rein, ich habe eine W-Lan Verbindung)




Hier der Scanreport von Counterspy:





Spyware Scan Details
Start Date: 25.11.2006 03:58:43
End Date: 25.11.2006 04:23:57
Total Time: 25 mins 14 secs

Detected spyware

MyWebSearch Toolbar Potentially Unwanted Software more information...
Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
Status: Deleted

Infected files detected
C:\Programme\MSN Messenger\riched20.dll

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch\bar
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch\bar MenuExtLabel &Search
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch\bar DSS {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\ProgID FunWebProducts.IECookiesManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\VersionIndependentProgID FunWebProducts.IECookiesManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} IECookiesManager Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID FunWebProducts.PopSwatterSettingsControl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib {8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID FunWebProducts.PopSwatterSettingsControl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} PopSwatter Settings Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1 132497
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID FunWebProducts.HistoryKillerScheduler.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID FunWebProducts.HistoryKillerScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} HistoryKillerScheduler Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID FunWebProducts.HistorySwatterControlBar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID FunWebProducts.HistorySwatterControlBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} HistorySwatterControlBar Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib {8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} PopSwatter Server Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1\CLSID {ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 My Web Search for Outlook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1\CLSID {07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MyWebSearchToolBar.SettingsPlugin.1 MyWebSearch Settings Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1 132497
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID FunWebProducts.KillerObjManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID FunWebProducts.KillerObjManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} KillerObjManager Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID FunWebProducts.PopSwatterBarButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib {8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID FunWebProducts.PopSwatterBarButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} Bar Button Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID MyWebSearchToolBar.SettingsPlugin.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\TypeLib {07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID MyWebSearchToolBar.SettingsPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} MyWebSearch Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID ScreenSaverControl.ScreenSaverInstaller.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib {29D67D3C-509A-4544-903F-C8C1B8236554}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID ScreenSaverControl.ScreenSaverInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} ScreenSaverInstaller Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Description My Web Search Outlook Container
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin FriendlyName Fun Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin LoadBehavior 2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1 131473
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\MiscStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\TypeLib {07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA} mwsBar Installer2
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance CLSID {4D5C8C2A-D075-11d0-B416-00C04FB90376}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag Url res://C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL/105
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32 ThreadingModel Both
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 ThreadingModel Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches mwssrcas.dll 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ypager.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msnmsgr.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icqlite.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icq.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches aim.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches waol.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches outlook.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msimn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches incmail.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Path C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 AppName MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Toolbar 07B18EA9-A523-4961-B6BB-170DE4475CCA
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Outlook MyWebSearch.OutlookAddin {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin LoadBehavior 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin FriendlyName Fun Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Description My Web Search Outlook Container
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Description My Web Search Outlook Container
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall Publisher My Web Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall DisplayName My Web Search (Smiley Central)
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar Visible 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar sr 0
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar un My Web Search (Smiley Central)
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo Yahoo.2.old You just received a smiley! Go to @LINK@ to see it!
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo Yahoo.1.old Your buddy sent you a smiley! Go to @LINK@ to see it!
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\MWSOEPLG\Promo Yahoo.0.old You just received a smiley! Want to see it? Go to @LINK@
HKEY_CURRENT_USER\Software\MyWebSearch
HKEY_CURRENT_USER\Software\MyWebSearch\bar MenuExtLabel &Search
HKEY_CURRENT_USER\Software\MyWebSearch\bar DSS {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32 C:\WINDOWS\system32\shdocvw.dll
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance\InitPropertyBag Url res://C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL/105
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}\Instance CLSID {4D5C8C2A-D075-11d0-B416-00C04FB90376}
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} My Web Search Quick View
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\ProgID FunWebProducts.DataControl.1
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\TypeLib {C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\VersionIndependentProgID FunWebProducts.DataControl
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} DataCtrl Class
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib {3E720450-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} MyWebSearch HTML
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib {07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID MyWebSearchToolBar.ToolbarPlugin
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1 131473
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} MyWebSearch Popup Menu Plugin
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib {0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} HttpControl Class
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib {07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} IMyWebSearchSettings
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib {07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} _IMyWebSearchSettingsEvents
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} ICookie
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390} IHistoryKiller
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib {C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} _IDataCtrlEvents
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib {C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728} IDataCtrl
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} IKillerObjManager
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib {29D67D3C-509A-4544-903F-C8C1B8236554}
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} IScreenSaverInstaller
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib {29D67D3C-509A-4544-903F-C8C1B8236554}
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} IMonitorEvents
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} IF3HTMLMenu
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} IIECookiesManager
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib {3E720450-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} IMyWebSearchHTMLPanel
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib {3E720450-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906} _IMyWebSearchHTMLPanelEvents
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib {8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} IFunWebProductsPopSwatterSettings
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib {8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} _IFunWebProductsPopSwatterSettingsEvents
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib {F42228FB-E84E-479E-B922-FBBD096E792C}
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} IF3IMPlugin
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} IF3PopupMenu
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchSkinSettings
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchPseudoTransparent
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchPopupMenu
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib {7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} IMyWebSearchSkinWindow
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} IHistoryKillerScheduler
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69} ICookiesCollection
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} _IIECookiesManagerEvents
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} ILargeStringDisp
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib {F42228FB-E84E-479E-B922-FBBD096E792C}
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} IF3AIMContainer
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib {0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} IHttpControl
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib {0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} IHttpControlEvents
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib {8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} _IHistorySchedulerEvents
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CLSID {3E720452-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel\CurVer MyWebSearch.HTMLPanel.1
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel MyWebSearch HTML Panel
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin\CurVer MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1\CLSID {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 MyWebSearch Pseudo Transparent Plugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin\CLSID {53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin\CurVer MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1\CLSID {53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 MyWebSearch Toolbar Plugin
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller\CLSID {9FF05104-B030-46FC-94B8-81276E4E27DF}
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller\CurVer ScreenSaverControl.ScreenSaverInstaller.1
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller ScreenSaverInstaller Class
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1\CLSID {9FF05104-B030-46FC-94B8-81276E4E27DF}
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 ScreenSaverInstaller Class
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0 Toolbar 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0 HttpControl 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0 ScreenSaverControl 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0 HTML 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0 Skin 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0 HistoryKiller 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0 PopSwatter Control 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin\
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0 DataCtrl 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0 F3HTMLMenu000
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32 C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR C:\Programme\MyWebSearch\bar\1.bin
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0 F3OEContainer000
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches incmail.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msimn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msn.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches outlook.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches waol.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches aim.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icq.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches icqlite.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msmsgs.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches msnmsgr.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ypager.exe 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches au 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches mwsSrcAs.dll 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches ok 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches od 1
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches nk 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\bar\Switches nd 0
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Toolbar 07B18EA9-A523-4961-B6BB-170DE4475CCA
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 AppName MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Email-IM\0 Path C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive\Outlook MyWebSearch.OutlookAddin {07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin Description My Web Search Outlook Container
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin FriendlyName Fun Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin LoadBehavior 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin Description My Web Search Outlook Container
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin FriendlyName Fun Tools
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin LoadBehavior 2


NewDotNet Browser Plug-in more information...
Details: New.Net is an Internet Explorer spyware/hijacker plug-in that adds subdomains of 'new.net' to your name resolution system (Windows’ Host file), resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\tldctl2.urllink.1
HKEY_CLASSES_ROOT\tldctl2.urllink.1\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink.1 URLLink
HKEY_CLASSES_ROOT\tldctl2.urllink
HKEY_CLASSES_ROOT\tldctl2.urllink\CLSID {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_CLASSES_ROOT\tldctl2.urllink\CurVer Tldctl2.URLLink.1
HKEY_CLASSES_ROOT\tldctl2.urllink URLLink
HKEY_LOCAL_MACHINE\software\classes\tldctl2.urllink\clsid
HKEY_LOCAL_MACHINE\software\classes\tldctl2.urllink\clsid {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayName New.net Domains 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net UninstallString C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayIcon C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayVersion 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net Publisher New.net, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLInfoAbout http://www.new.net/
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net HelpLink http://www.new.net/help_faq.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLUpdateInfo http://www.new.net/index.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMajor 7
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMinor 22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net URLUpdateInfo http://www.new.net/index.tp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net HelpLink http://www.new.net/help_faq.tp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net URLInfoAbout http://www.new.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net Publisher New.net, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net DisplayIcon C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net UninstallString C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net LSPStatus 0
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Prt
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Source
HKEY_LOCAL_MACHINE\SOFTWARE\New.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net
HKEY_LOCAL_MACHINE\software\new.net Activity 15335
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 458774
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=d20a000654aa47948ceccbdb987c0241
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source SHNT288
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 0
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29823592
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1700620778
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayName New.net Domains 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net UninstallString C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayIcon C:\WINDOWS\NDNUNI~1.EXE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net DisplayVersion 7.22
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net Publisher New.net, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLInfoAbout http://www.new.net/
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net HelpLink http://www.new.net/help_faq.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net URLUpdateInfo http://www.new.net/index.tp
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMajor 7
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\new.net VersionMinor 22
HKEY_LOCAL_MACHINE\software\new.net Activity 15335
HKEY_LOCAL_MACHINE\software\new.net InstalledVersion 458774
HKEY_LOCAL_MACHINE\software\new.net InstalledPath C:\Programme\NewDotNet\newdotnet7_22.dll
HKEY_LOCAL_MACHINE\software\new.net Tag id=d20a000654aa47948ceccbdb987c0241
HKEY_LOCAL_MACHINE\software\new.net DiscardTag
HKEY_LOCAL_MACHINE\software\new.net FirstTime
HKEY_LOCAL_MACHINE\software\new.net Source SHNT288
HKEY_LOCAL_MACHINE\software\new.net Prt NN100
HKEY_LOCAL_MACHINE\software\new.net LSPStatus 0
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeHi 29823592
HKEY_LOCAL_MACHINE\software\new.net NextUpgradeLo -1700620778
HKEY_LOCAL_MACHINE\software\new.net UpgradeCounter 2
HKEY_LOCAL_MACHINE\software\new.net Search 1
HKEY_LOCAL_MACHINE\SOFTWARE\New.net Tag


FunWebProducts Adware Bundler more information...
Details: Fun Web Products bundles adware software in its products.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 01AD1788.urr
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 01AD1788.urr
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionCount 77
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionTimestamp 7237328
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings UID C89C2169-D3A5-4946-B681-F1565E591BB9
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam234
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam105
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam101
HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam108
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton\CLSID {8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton\CurVer FunWebProducts.PopSwatterBarButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton Bar Button Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1\CLSID {8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterBarButton.1 Bar Button Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler\CLSID {C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler\CurVer FunWebProducts.HistoryKillerScheduler.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler HistoryKillerScheduler Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1\CLSID {C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistoryKillerScheduler.1 HistoryKillerScheduler Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1\CLSID {98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.1 Fun Web Products HTML Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl\CLSID {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl\CurVer FunWebProducts.PopSwatterSettingsControl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl PopSwatter Settings Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1\CLSID {0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager.1 IECookiesManager Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager\CLSID {0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager\CurVer FunWebProducts.IECookiesManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.IECookiesManager IECookiesManager Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager\CLSID {B813095C-81C0-4E40-AA14-67520372B987}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager\CurVer FunWebProducts.KillerObjManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager KillerObjManager Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1\CLSID {CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar.1 HistorySwatterControlBar Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1\CLSID {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.PopSwatterSettingsControl.1 PopSwatter Settings Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar\CLSID {CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar\CurVer FunWebProducts.HistorySwatterControlBar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HistorySwatterControlBar HistorySwatterControlBar Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu\CLSID {3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu\CurVer FunWebProducts.HTMLMenu.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu Fun Web Products HTML Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2\CLSID {3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.HTMLMenu.2 Fun Web Products HTML Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager.1\CLSID {B813095C-81C0-4E40-AA14-67520372B987}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FunWebProducts.KillerObjManager.
Dieser Beitrag wurde am 25.11.2006 um 05:08 Uhr von Sayf editiert.
Seitenanfang Seitenende
25.11.2006, 15:37
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 ja, das ist schief gelaufen ;) denn ich hatte angwiesen

Zitat

LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing" -- Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen) + Remove
nun ist der winsock zerstoert....
klicke auf das backup vom avenger unter c:\Avernger\backup.zip , starte den rechner neu.

dann sind zwar alle viren wieder auf dem rechner, und auch die newdotnet7_22.dll

dann wende LSPfix an, loesche die newdotnet7_22.dll mit dem proggie, dann wende den avenger erneut an und auch noch mal Counterspy

und berichte
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.11.2006, 17:50
...neu hier

Themenstarter

Beiträge: 6
#7 so! ich habe die letzten Schritte durchgeführt:

Internetverbindung steht wieder ;)
Counterspy has NOT detected any spyware on your computer. ;)

Scheint als ob das Problem gelöst wurde! ( sollte ich dann trotzdem den Computer formatieren?)

Danke Sabina!
[/img]
Seitenanfang Seitenende
25.11.2006, 17:56
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 nein, nicht formatieren ;)
poste bitte das neue log vom combofix und die 6 logs von datfindbat
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.11.2006, 18:59
...neu hier

Themenstarter

Beiträge: 6
#9 log vom combofix und die von datfindbat (Danke):



walid - 06-11-25 18:00:37,32 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Dokumente und Einstellungen\walid\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-25 to 2006-11-25 ))))))))))))))))))))))))))))))))))


2006-11-25 16:37 <DIR> d-------- C:\avenger
2006-11-25 03:56 <DIR> d-------- C:\Programme\Sunbelt Software
2006-11-25 03:16 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-25 03:16 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-25 03:16 4,440 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-25 03:16 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-25 03:16 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-24 21:13 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2006-11-24 19:22 <DIR> d-------- C:\Programme\CleanUp!
2006-11-24 09:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\iS3
2006-11-24 02:22 <DIR> d-------- C:\Programme\SPYWAREfighter
2006-11-24 02:18 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Google
2006-11-24 02:17 <DIR> d-------- C:\Programme\Spyware Doctor
2006-11-24 02:17 <DIR> d-------- C:\Programme\Google
2006-11-24 02:17 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2006-11-24 01:45 <DIR> d-------- C:\Program Files
2006-11-22 03:25 315,392 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-19 13:27 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-11-19 13:27 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-18 15:05 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Live Toolbar
2006-11-18 15:04 <DIR> d-------- C:\Programme\Windows Live Toolbar
2006-11-18 15:03 <DIR> d-------- C:\Programme\MSN Messenger
2006-11-16 00:06 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2006-11-14 20:08 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-11-13 22:28 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\MSNInstaller
2006-11-12 03:00 <DIR> d-------- C:\Programme\WinRAR
2006-11-12 01:38 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Contacts
2006-11-11 05:46 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Nokia Multimedia Player
2006-11-10 14:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nokia
2006-11-10 14:55 <DIR> d-------- C:\Programme\DIFX
2006-11-10 14:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
2006-11-08 21:49 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-08 21:49 <DIR> d-------- C:\WINDOWS\system32\de-de
2006-11-08 21:46 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-08 21:44 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-08 21:43 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-08 21:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2006-11-08 20:57 <DIR> d-------- C:\Programme\SymNetDrv
2006-11-06 00:51 <DIR> d-------- C:\Dokumente und Einstellungen\walid\runtime-EclipseApplication
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 23:55 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\CyberLink
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Phone Browser
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Nokia
2006-10-29 20:43 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\DataLayer
2006-10-29 20:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-10-29 20:35 <DIR> d-------- C:\Programme\Nokia
2006-10-29 20:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2006-10-29 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\PC Suite
2006-10-29 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-25 16:36 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-24 21:11 869 --a------ C:\Dokumente und Einstellungen\walid\Anwendungsdaten\AdobeDLM.log
2006-11-24 21:11 0 --a------ C:\Dokumente und Einstellungen\walid\Anwendungsdaten\dm.ini
2006-11-24 21:11 -------- d-------- C:\Programme\Adobe
2006-11-24 21:03 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-11-24 00:43 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Skype
2006-11-23 23:12 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\AdobeUM
2006-11-22 17:26 -------- d---s---- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Microsoft
2006-11-22 03:26 -------- d-------- C:\Programme\Internet Explorer
2006-11-19 17:47 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-11-18 15:00 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-11-13 22:28 -------- d-------- C:\Programme\MSN
2006-11-08 20:59 -------- d-------- C:\Programme\Norton AntiVirus
2006-11-08 20:58 -------- d-------- C:\Programme\Symantec
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-24 10:17 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-14 23:56 -------- d-------- C:\Programme\Windows Media Player
2006-10-14 23:56 -------- d-------- C:\Programme\Messenger
2006-10-14 23:52 -------- d-------- C:\Programme\Outlook Express
2006-10-14 23:52 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-10-14 22:52 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Macromedia
2006-10-14 19:53 -------- d-------- C:\Programme\Microsoft.NET
2006-10-14 19:51 -------- d-------- C:\Programme\Microsoft Office
2006-10-14 19:51 -------- d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 19:24 -------- d-------- C:\Programme\Canon
2006-10-08 20:34 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Adobe
2006-10-08 14:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Real
2006-10-08 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-10-08 14:21 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-10-08 14:20 -------- d-------- C:\Programme\Real
2006-10-08 10:56 -------- d-------- C:\Programme\Skype
2006-10-08 00:53 -------- d-------- C:\Programme\Hewlett-Packard
2006-10-07 23:24 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Symantec
2006-10-07 23:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Samsung Electronics
2006-10-07 23:22 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Help
2006-10-07 23:19 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-07 23:19 -------- d-------- C:\Programme\Samsung
2006-10-07 23:14 -------- d-------- C:\Programme\CyberLink
2006-10-07 23:13 -------- d-------- C:\Programme\Ahead
2006-10-07 23:12 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-10-07 23:08 -------- d-------- C:\Programme\PIC
2006-10-07 23:07 -------- d-------- C:\Programme\MSXML 4.0
2006-10-07 23:06 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-10-07 23:05 -------- d-------- C:\Programme\Synaptics
2006-10-07 23:05 -------- d-------- C:\Programme\SRS Labs
2006-10-07 23:05 -------- d-------- C:\Programme\ltmoh
2006-10-07 23:04 -------- d-------- C:\Programme\Analog Devices
2006-10-07 23:03 -------- d-------- C:\Programme\Intel
2006-10-07 23:02 -------- d-------- C:\Programme\ATI Technologies
2006-10-07 20:34 -------- d-------- C:\Programme\MATLAB
2006-10-07 20:17 -------- d--h----- C:\Programme\Uninstall Information
2006-10-07 20:17 -------- d-------- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\Identities
2006-10-07 20:15 -------- d-------- C:\Programme\Java
2006-10-07 20:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-10-07 20:09 62 --ahs---- C:\Dokumente und Einstellungen\walid\Anwendungsdaten\desktop.ini
2006-10-07 20:09 -------- d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2006-10-07 20:09 -------- d-------- C:\Programme\Gemeinsame Dateien\ODBC
2006-10-07 20:05 -------- d-------- C:\Programme\xerox
2006-10-07 20:05 -------- d-------- C:\Programme\microsoft frontpage
2006-10-07 20:04 0 -rahs---- C:\MSDOS.SYS
2006-10-07 20:04 0 -rahs---- C:\IO.SYS
2006-10-07 20:04 0 --a------ C:\CONFIG.SYS
2006-10-07 20:04 0 --a------ C:\AUTOEXEC.BAT
2006-10-07 20:03 -------- d--h----- C:\Programme\WindowsUpdate
2006-10-07 20:03 -------- d-------- C:\Programme\Online-Dienste
2006-10-07 20:02 -------- d-------- C:\Programme\NetMeeting
2006-10-07 20:02 -------- d-------- C:\Programme\Movie Maker
2006-10-07 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2006-10-07 20:02 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-10-07 20:01 -------- d-------- C:\Programme\ComPlus Applications
2006-10-07 20:00 -------- d-------- C:\Programme\Windows NT
2006-10-07 20:00 -------- d-------- C:\Programme\Online Services
2006-10-07 20:00 -------- d-------- C:\Programme\MSN Gaming Zone
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:42 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="~\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SweetIM"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Programme\\ltmoh\\Ltmoh.exe"
"MagicKeyboard"="C:\\Programme\\SAMSUNG\\MagicKBD\\PreMKBD.exe"
"AVStation premium"="\"C:\\Programme\\Samsung\\AVStation premium\\bin\\AVStation agent.exe\""
"BatteryManager"="C:\\Programme\\Samsung\\Samsung Battery Manager\\BatteryManager.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"SamsungPIC"="C:\\Programme\\Samsung\\Samsung Command Center\\PIC_UI.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Easy-PrintToolBox"="C:\\Programme\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prfen - walid.job

Completion time: 06-11-25 18:01:14.54
C:\ComboFix.txt ... 06-11-25 18:01
C:\ComboFix2.txt ... 06-11-24 23:03
C:\ComboFix3.txt ... 06-11-24 23:00



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hier die logs von datfindbat:
1.Log Verzeichnis von C:\WINDOWS\system32\
2.Log Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp\
3.Log Verzeichnis von C:\WINDOWS\
4.Log Verzeichnis von C:\WINDOWS\temp\
5.Log Verzeichnis von C:\WINDOWS\Downloaded Program Files
6.Log Verzeichnis von C:\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


21.08.2006 10:14 23.040 fltmc.exe
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS\system32

25.11.2006 16:36 1.543 walid_KBD.ini
25.11.2006 03:30 4.440 tmp.reg
25.11.2006 03:30 0 tmp.txt
24.11.2006 09:57 3.500 ikhcore.log
22.11.2006 03:25 1.429.504 rk.bin
22.11.2006 03:25 315.392 rlls.dll

16.11.2006 06:20 10.474.920 MRT.exe
08.11.2006 21:45 2.206 wpa.dbl
08.11.2006 20:35 314.842 perfh009.dat
08.11.2006 20:35 41.170 perfc009.dat
08.11.2006 20:35 320.668 perfh007.dat
08.11.2006 20:35 49.570 perfc007.dat
08.11.2006 20:35 726.560 PerfStringBackup.INI
04.11.2006 14:14 1.245.696 msxml4.dll
27.10.2006 17:12 1.040.384 ieframe.dll.mui


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\DOKUME~1\walid\LOKALE~1\Temp

25.11.2006 16:37 0 JET7B93.tmp
25.11.2006 16:37 176 PICLog.log
25.11.2006 16:37 0 JET7375.tmp
25.11.2006 16:36 49.152 ~DFEB02.tmp
25.11.2006 16:36 32.768 ~DF195F.tmp
25.11.2006 16:36 16.384 ~DFE492.tmp
6 Datei(en) 98.480 Bytes
0 Verzeichnis(se), 35.136.167.936 Bytes frei



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS

25.11.2006 18:12 159 wiadebug.log
25.11.2006 18:12 50 wiaservc.log
25.11.2006 16:44 1.305.346 WindowsUpdate.log
25.11.2006 16:36 0 0.log
25.11.2006 16:36 2.048 bootstat.dat
25.11.2006 16:34 32.700 SchedLgU.Txt
25.11.2006 03:51 608.314 setupapi.log
25.11.2006 03:32 181.784 setupact.log
25.11.2006 03:29 266.378 ntbtlog.txt
25.11.2006 02:11 116 NeroDigital.ini
23.11.2006 01:00 37.184 DPINST.LOG


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS\Temp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\WINDOWS\Downloaded Program Files

09.11.2006 14:36 5.019 swflash.inf
07.10.2006 20:03 65 desktop.ini
2 Datei(en) 5.084 Bytes
0 Verzeichnis(se), 35.136.143.360 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 142A-EDEF

Verzeichnis von C:\

25.11.2006 18:28 0 sys.txt
25.11.2006 18:26 345 down.txt
25.11.2006 18:26 117 tmp.txt
25.11.2006 18:25 8.694 system.txt
25.11.2006 18:24 536 systemtemp.txt
25.11.2006 18:23 95.961 system32.txt
25.11.2006 18:01 16.212 ComboFix.txt
25.11.2006 16:36 17.584 avenger.txt
25.11.2006 16:36 1.610.612.736 pagefile.sys
25.11.2006 03:30 879 rapport.txt
24.11.2006 23:20 10.928 files.txt
24.11.2006 23:03 17.628 ComboFix2.txt
24.11.2006 23:00 17.591 ComboFix3.txt
07.10.2006 23:06 86 setup.log
07.10.2006 20:04 0 CONFIG.SYS
07.10.2006 20:04 0 IO.SYS
07.10.2006 20:04 0 MSDOS.SYS
07.10.2006 20:04 0 AUTOEXEC.BAT
07.10.2006 19:46 211 boot.ini
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
22 Datei(en) 1.611.103.208 Bytes
0 Verzeichnis(se), 35.136.139.264 Bytes frei
Seitenanfang Seitenende
25.11.2006, 19:50
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 normalerweise ist diese dll auch im winsock, da du aber schreibst: nein, loesche sie mit dem avenger.
wenn dann das Internet wieder mal hops gehen sollte, weiss du ja, was zu tun ist ;)

Avenger

Zitat

Files to delete:
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rk.bin
dann sollte wieder alles o.k. sein ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.11.2006, 20:15
...neu hier

Themenstarter

Beiträge: 6
#11 Hallo Sabina,

habe also avenger durchgeführt (war mir aber nicht sicher ob ich nur dein letztes zitat in das avenger feld einfügen sollte, oder wie beim ersten Mal wo ich avenger benutzen sollte:

registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200}
....

+ dein letztes Zitat.)

Jedenfalls schien es mir irrgendwie logischer nur

Files to delete:
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rk.bin

zu kopieren.

Nach dem reboot:
Internet OK
habe keinen avenger log bekommen (ich habe C:\avenger\backup.zip Sicherheitshalber noch nicht gelöscht)

Kann ich davon ausgehen dass jetzt alles OK ist?
Danke. Sayf
Seitenanfang Seitenende
26.11.2006, 10:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 wenn
C:\WINDOWS\system32\rlls.dll
C:\WINDOWS\system32\rk.bin
rausgeloescht sind (kannst du selbst mit der datfindbat ueberpruefen) - sollte wieder alles i.o. sein ;)

______

das obere avengescript hatte sich auf Grund der Systemwiederherstellung auf einen Tag, bevor du diesen ganzen Muell geladen hast - erledigt)

das ist alles im 2.Log von Combofix nicht mehr vohanden (ausser der rlls.dll )

2006-11-24 02:13 <DIR> d-------- C:\Programme\MalwareWiper
2006-11-24 02:01 <DIR> d-------- C:\Programme\Antivirus-Golden
2006-11-24 00:33 77,824 --a------ C:\WINDOWS\system32\dcvwaah.dll
2006-11-24 00:33 <DIR> d-------- C:\Programme\Virus-Bursters
2006-11-24 00:32 <DIR> d-------- C:\Programme\Gold Codec
2006-11-22 17:26 <DIR> d-------- C:\Programme\Macrogaming
2006-11-22 03:26 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr
2006-11-22 03:26 <DIR> d-------- C:\Programme\MyWebSearch
2006-11-22 03:25 315,392 --a------ C:\WINDOWS\system32\rlls.dll
2006-11-22 03:25 <DIR> d-------- C:\Programme\FunWebProducts
2006-11-22 03:23 183,296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-11-22 03:22 1,429,504 --a------ C:\WINDOWS\system32\rlvknlg.exe
2006-11-22 03:21 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2006-11-22 03:21 <DIR> d-a-s---- C:\Programme\NewDotNet
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: