Administrator deaktiviert

#16 poste dann dieses Log:
http://virus-protect.org/registry_stuff.html
__________
MfG Sabina

rund um die PC-Sicherheit

#17 F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml

1. Klicke den Link: "F-Secure Online Scanner Next Generation Beta".
2. Du wirst aufgefordert werden, ein ActiveX-Control zu installieren
3. Installiere diese ActiveX-Komponente
4. Lies die Anleitung und klicke: "Accept"
5. Klicke "Full System Scan"
6. klicke "Show report" - kopiere den Scanreport

Fertig, aber ich habe jetzt nur 2 Möglichkeiten, entweder

"Automatische Bereinigung (empfohlen)"

oder

"Benutzer entscheidet abhängig vom jew..." <--- mehr zeigt der Button nicht an

Was davon soll ich tun?
Von einem Report steht da nichts...

#18 "Automatische Bereinigung (empfohlen)"

erst mal scannen, wenn der scan beendet ist, gibt es bestimmt einen report
__________
MfG Sabina

rund um die PC-Sicherheit

#19 F. Secure

Backdoor.Win32.Bifrose.tw (virus)
C:\!KILLBOX\SERVER.EXE (Renamed & Submitted)
Backdoor.Win32.Ciadoor.13 (virus)
C:\!KILLBOX\WSOCK32.SYS (Renamed)
IRC/DCCfsk.A (virus)
J:\CYB\CYB\MIRCS\AIRR0RSCRIPT2\SCRIPT20.INI (Submitted)
J:\CYB\MIRCS\AIRR0RSCRIPT2\SCRIPT20.INI
Possible Browser Hijack attempt (spyware)
System
Tracking Cookie (spyware)
System (Disinfected)
System
W32/Downloader (virus)
C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\PHONOSTAR-PLAYER\UPDATE.EXE
Win32.Trojan.Downloader (spyware)
System


registry_stuff.html

doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0001a82d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00
"SharedAutoDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DisableNotifications"=dword:00000000
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*isabled:Internet Explorer"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam"
"H:\\eDonkey2000\\edonkey2000.exe"="H:\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"E:\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"="E:\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe:*:Enabledreamweaver MX"
"E:\\PhonoStar\\ps_olect.exe"="E:\\PhonoStar\\ps_olect.exe:*:Enableds_olect"
"E:\\PSFtp Free\\PSFtpFree.exe"="E:\\PSFtp Free\\PSFtpFree.exe:*:EnabledSFtp Free"
"E:\\Steam\\SteamApps\\flatrate@treffpunkt.de.com\\counter-strike\\hl.exe"="E:\\Steam\\SteamApps\\flatrate@treffpunkt.de.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"E:\\ICQ\\ICQLite\\ICQLite.exe"="E:\\ICQ\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"H:\\BitTorrent\\bittorrent.exe"="H:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Battlefield 2 Demo\\BF2.exe"="D:\\Battlefield 2 Demo\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"E:\\iTunes\\iTunes.exe"="E:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Skype\\Phone\\Skype.exe"="E:\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{C92B97C9-4ADB-4006-9F44-06B5BE331EAF}"=dword:00000001
"{0CF4A343-57F8-4EC8-A5FD-1251361927C4}"=dword:00000001
"{4042F28D-EA2A-4BD7-8D82-33BF47B9B5D1}"=dword:00000001
"{734A1A26-FE28-4227-8516-862E9971012A}"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."
"Group"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:51,64,42,bd,d3,24,0f,44,b6,1a,bf,9f,35,7b,f6,bd
"srvcomment"=""
"Hidden"=dword:00000001
"AdjustedNullSessionPipes"=dword:00000001
"Hide"=dword:00000000
"AutoShareWks"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\Hidden]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000304
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:b4,1a,e1,c9,26,ec,05,12,60,1b,af,b1,b3,8f,80,ac,65,38,61,38,38,\
31,64,35,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
52,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,7e,35,c0,07

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:30,9b,a8,93,7a,17,ca,b8,3f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:1d,bb,75,f7,ac,3d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:c0,85,5f,54,c4,f3,79,9d,85,7a,ab,62,3c,66,33,12

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:aa,b6,9d,d5,26,f3,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:80,6c,27,a9,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,8a,53,ad,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,4d,1d,af,f8,79,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



#20 Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.

in: "Enter search strings" (reinschreiben oder reinkopieren)

wsock32.sys

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

Winexess

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

scvhost

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.


in: "Enter search strings" (reinschreiben oder reinkopieren)

Generic Host Process

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

in: "Enter search strings" (reinschreiben oder reinkopieren)

svchost32

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

-----------------------------------------------------------------------------------------
2.
start - Ausfuehren - regedit

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000 -> auf 1 stellen

PC neustarten

---------------------------------------------------------------------------------------------
3.
oeffne da Notepad (Texteditor) kopiere folgendes rein:

Zitat

regedit /e c:\domains.txt "HKEY_CURRENT_USER\Software\NirSoft"

Speichern als export.bat auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an.
doppelklick -- c:\domains.txt -- Text abkopieren und posten

4.
poste das log vom Winpfind
http://virus-protect.org/winpfind.html

5.
Die XP-Firewall wieder aktivieren [Windows-Firewall/Gemeinsame Nutzung der Internetverbindung]
http://www.wintotal.de/Tipps/Eintrag.php?TID=1157
__________
MfG Sabina

rund um die PC-Sicherheit

#21 Zu 1.

; Results at 05.07.2006 13:52:24 for strings:
; 'wsock32.sys'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

; Results at 05.07.2006 14:44:47 for strings:
; 'winexess'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Winexess]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winexess"="C:\\WINDOWS\\system32\\server.exe"

[HKEY_USERS\S-1-5-21-1202660629-838170752-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"Winexess"="C:\\WINDOWS\\system32\\server.exe"

; End Of The Log...

; Results at 05.07.2006 14:57:04 for strings:
; 'scvhost'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

[HKEY_USERS\S-1-5-21-1202660629-838170752-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

; End Of The Log...

; Results at 05.07.2006 14:59:15 for strings:
; 'generic host process'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

[HKEY_USERS\S-1-5-21-1202660629-838170752-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

; End Of The Log...

; Results at 05.07.2006 15:01:24 for strings:
; 'svchost32'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

3.

3.
oeffne da Notepad (Texteditor) kopiere folgendes rein:

Zitat:
regedit /e c:\domains.txt "HKEY_CURRENT_USER\Software\NirSoft"

Speichern als export.bat auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an.
doppelklick -- c:\domains.txt -- Text abkopieren und posten

hab ich gemacht, die export.bat öffnet sich auch kurz, aber es gibt keine Datei mit der Bezeichnung "domains.txt"

4.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 06.09.2002 11:36:16 124416 C:\WINDOWS\lame_enc.dll
aspack 30.03.2004 12:30:00 116224 C:\WINDOWS\SMUn.EXE
UPX! 19.03.2004 12:50:30 966144 C:\WINDOWS\vsapi32.dll
aspack 19.03.2004 12:50:30 966144 C:\WINDOWS\vsapi32.dll
UPX! 13.10.2005 21:27:00 RHS 422400 C:\WINDOWS\x2.64.exe

Checking %System% folder...
UPX! 18.05.2003 11:53:56 11776 C:\WINDOWS\SYSTEM32\BORLNDMM.DLL
UPX! 23.08.1996 19:11:10 51712 C:\WINDOWS\SYSTEM32\Comdlg32.new
UPX! 09.07.2004 10:47:04 RHS 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax
UPX! 17.09.2001 14:20:02 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
aspack 18.03.2005 18:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
UPX! 18.05.2003 11:53:56 11264 C:\WINDOWS\SYSTEM32\DELPHIMM.DLL
PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 18.05.2003 11:53:56 49664 C:\WINDOWS\SYSTEM32\ElementSyntaxMgr.dll
aspack 16.01.2003 14:08:10 1834517 C:\WINDOWS\SYSTEM32\Exotica.scr
UPX! 18.05.2003 11:53:56 129024 C:\WINDOWS\SYSTEM32\HDPREV.DLL
UPX! 18.05.2003 11:53:56 60928 C:\WINDOWS\SYSTEM32\HDResources.dll
UPX! 18.05.2003 11:53:56 83456 C:\WINDOWS\SYSTEM32\HotDogNavView.dll
UPX! 18.05.2003 11:53:56 329216 C:\WINDOWS\SYSTEM32\HTMLExpertLib.dll
UPX! 18.05.2003 11:53:56 59904 C:\WINDOWS\SYSTEM32\HTMLProcessors.dll
UPX! 18.05.2003 11:53:56 34816 C:\WINDOWS\SYSTEM32\HTMLValidator.dll
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll
UPX! 18.05.2003 11:53:56 61952 C:\WINDOWS\SYSTEM32\Ilanot32.dll
PTech 14.02.2006 10:20:14 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09.06.2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.06.2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 21.02.2005 16:17:32 22016 C:\WINDOWS\SYSTEM32\prospeed_bmp2jpg.dll
Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 18.05.2003 11:53:56 116736 C:\WINDOWS\SYSTEM32\SausageControls.dll
UPX! 18.05.2003 11:53:56 56320 C:\WINDOWS\SYSTEM32\SausagePropertySheet.dll
UPX! 18.05.2003 11:53:56 10240 C:\WINDOWS\SYSTEM32\SausageRegistry.dll
UPX! 18.05.2003 11:53:56 105984 C:\WINDOWS\SYSTEM32\SausageText.dll
UPX! 18.05.2003 11:53:56 135680 C:\WINDOWS\SYSTEM32\SausageTextEdit.dll
UPX! 18.05.2003 11:53:56 43520 C:\WINDOWS\SYSTEM32\ScriptSyntaxMgr.dll
UPX! 02.06.1997 00:31:00 42496 C:\WINDOWS\SYSTEM32\Sh33w32.dll
aspack 15.01.2003 02:26:26 3587210 C:\WINDOWS\SYSTEM32\Snowdrift.scr
UPX! 26.04.1998 21:25:38 49152 C:\WINDOWS\SYSTEM32\SSCE4232.DLL
UPX! 05.06.1996 12:13:34 37376 C:\WINDOWS\SYSTEM32\THESDB32.DLL
aspack 16.01.2003 13:44:24 2118573 C:\WINDOWS\SYSTEM32\Tropical Dreams1024.scr
UPX! 01.11.1997 02:36:28 104960 C:\WINDOWS\SYSTEM32\UAFDLL.DLL
UPX! 02.11.2002 11:57:10 18944 C:\WINDOWS\SYSTEM32\vcedit.dll
UPX! 02.11.2002 11:57:12 9216 C:\WINDOWS\SYSTEM32\vorbisfile.dll
winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 14.04.2006 23:48:30 H 245248 C:\WINDOWS\SYSTEM32\wodfamod.dll
UPX! 28.02.2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
05.07.2006 15:19:06 S 2048 C:\WINDOWS\bootstat.dat
01.06.2006 09:23:42 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
01.06.2006 09:23:42 RH 0 C:\WINDOWS\assembly\pubpol1.dat
01.06.2006 11:06:10 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
01.06.2006 11:06:12 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
04.07.2006 15:35:42 HS 109355 C:\WINDOWS\system32\SysPr.prx
14.05.2006 12:21:36 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
01.06.2006 22:28:44 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT
05.07.2006 15:19:52 H 1024 C:\WINDOWS\system32\config\default.LOG
05.07.2006 15:19:10 H 1024 C:\WINDOWS\system32\config\SAM.LOG
05.07.2006 15:20:26 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
05.07.2006 15:45:32 H 1024 C:\WINDOWS\system32\config\software.LOG
05.07.2006 15:20:50 H 1024 C:\WINDOWS\system32\config\system.LOG
14.06.2006 18:54:16 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_32464.CAT
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\CX_32464.CAT
05.07.2006 15:19:08 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28.05.2001 14:47:00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
12.11.1999 06:11:00 184832 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Razer Inc. 02.11.2005 10:27:46 69632 C:\WINDOWS\SYSTEM32\copperhd.cpl
Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 13.04.2006 23:21:20 1405952 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio 24.01.2001 05:05:32 121856 C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
11.05.2003 09:51:40 R 14336 C:\WINDOWS\SYSTEM32\pmxusb.cpl
Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
SiSoftware 29.06.2004 10:53:22 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
29.12.2002 02:14:38 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
21.12.2002 18:15:36 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.02.2006 16:22:42 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
21.12.2002 18:01:46 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
23.06.2006 19:02:24 3348 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
21.12.2002 18:15:36 HS 84 C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
04.10.2005 21:23:02 2781 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\AdobeDLM.log
02.07.2006 01:32:34 22431 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\CleanUp!.log
21.12.2002 18:01:46 HS 62 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\desktop.ini
04.10.2005 21:22:56 0 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dm.ini
05.08.2003 17:27:58 112 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dw.log

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DropStuff Context Menu
{2e336dc0-54f8-11d1-abd5-447270537466} = d:\Stuffit\StuffIt 7.0.2\DropStuff\ShellDS.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\ICQ\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = E:\Incredimail\bin\IMShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = E:\PowerArchiver\PASHLEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = d:\TagRename\TRshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "E:\TuneUp Utilities 2006\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UltraEdit-32
{b5eedee0-c06e-11cf-8c56-444553540000} = e:\ultra\ue32ctmn.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Nero 5.5.9.14\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = D:\a-squared\a-squared\a2contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\DropStuff Context Menu
{2e336dc0-54f8-11d1-abd5-447270537466} = d:\Stuffit\StuffIt 7.0.2\DropStuff\ShellDS.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = E:\PowerArchiver\PASHLEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = d:\TagRename\TRshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Nero 5.5.9.14\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\ICQ\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "E:\TuneUp Utilities 2006\sdshelex.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16664845-0E00-11D2-8059-000000000000}
ClickCatcher MSIE handler = C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= D:\SEARCH~2\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : E:\COPERN~1\COPERN~1.DLL
{275EF756-D6AE-487A-B544-B67AB825AD4A} = wersucht.de : C:\Programme\wersucht.de\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{04849C74-016E-4a43-8AA5-1F01DE57F4A1}
ButtonText = Trace :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}
MenuText = Launch Copernic Agent :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3497BA3F-AE5F-43AE-AF23-635D516AF144}
ButtonText = concept/design's onlineTV : H:\onlineTV\REGITonlineTV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{410C30C7-098A-4090-928E-F1D356D34C7F}
ButtonText = @i:\Messenger2\im2_ie_plugin.dll,-4 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ Pro : E:\ICQ\ICQ\ICQ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{688DC797-DC11-46A7-9F1B-445F4F58CE6E}
ButtonText = Copernic Agent : E:\COPERN~1\COPERN~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : E:\ICQ\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : E:\COPERN~1\COPERN~1.DLL
{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} = :
{F2CF5485-4E02-4F68-819C-B92DE9277049} = &Links : C:\WINDOWS\system32\ieframe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IntelliType "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
CTHelper CTHELPER.EXE
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
Copperhead C:\Programme\Razer\Copperhead\razerhid.exe
Winexess C:\WINDOWS\system32\server.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Winexess C:\WINDOWS\system32\server.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^E-Color.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\E-Color.lnk
backup C:\WINDOWS\pss\E-Color.lnkCommon Startup
location Common Startup
command C:\PROGRA~2\E-Color\Common\IconMgr.exe
item E-Color
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\E-Color.lnk
backup C:\WINDOWS\pss\E-Color.lnkCommon Startup
location Common Startup
command C:\PROGRA~2\E-Color\Common\IconMgr.exe
item E-Color

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GetRight - Tray Icon.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight - Tray Icon.lnk
backup C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\GetRight\getright.exe
item GetRight - Tray Icon
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight - Tray Icon.lnk
backup C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\GetRight\getright.exe
item GetRight - Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command E:\MICROS~1\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command E:\MICROS~1\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^Ashampoo Mail Virus Blocker Server.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Ashampoo Mail Virus Blocker Server.lnk
backup C:\WINDOWS\pss\Ashampoo Mail Virus Blocker Server.lnkStartup
location Startup
command E:\ASHAMP~1\MAILVI~1\Server.exe
item Ashampoo Mail Virus Blocker Server
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Ashampoo Mail Virus Blocker Server.lnk
backup C:\WINDOWS\pss\Ashampoo Mail Virus Blocker Server.lnkStartup
location Startup
command E:\ASHAMP~1\MAILVI~1\Server.exe
item Ashampoo Mail Virus Blocker Server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^Iomega Product Registration.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Iomega Product Registration.lnk
backup C:\WINDOWS\pss\Iomega Product Registration.lnkStartup
location Startup
command C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=DE /PRNM="Iomega Product"
item Iomega Product Registration
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Iomega Product Registration.lnk
backup C:\WINDOWS\pss\Iomega Product Registration.lnkStartup
location Startup
command C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=DE /PRNM="Iomega Product"
item Iomega Product Registration

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^ScanDL.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\ScanDL.lnk
backup C:\WINDOWS\pss\ScanDL.lnkStartup
location Startup
command C:\PROGRA~1\ScanDL\ScanDL.exe -tray
item ScanDL
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\ScanDL.lnk
backup C:\WINDOWS\pss\ScanDL.lnkStartup
location Startup
command C:\PROGRA~1\ScanDL\ScanDL.exe -tray
item ScanDL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AudioHQ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AHQTB
hkey HKLM
command C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AHQTB
hkey HKLM
command C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVGCtrl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVGNT
hkey HKLM
command d:\AVPersonal\AVGNT.EXE /min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVGNT
hkey HKLM
command d:\AVPersonal\AVGNT.EXE /min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundSwitcher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bgswitch
hkey HKLM
command C:\WINDOWS\System32\bgswitch.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bgswitch
hkey HKLM
command C:\WINDOWS\System32\bgswitch.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bckzw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CoffeeCup Spam Blocker
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SPAMBL~1
hkey HKLM
command "H:\COFFEE~2\SPAMBL~1\SPAMBL~1.EXE" -min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SPAMBL~1
hkey HKLM
command "H:\COFFEE~2\SPAMBL~1\SPAMBL~1.EXE" -min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Reminder
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CorelCorelDRAW10 Reminder
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NavLoad
hkey HKLM
command "e:\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "e:\Corel\Graphics10\Register\NavLoad.ini"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NavLoad
hkey HKLM
command "e:\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "e:\Corel\Graphics10\Register\NavLoad.ini"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\deupdchk
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Geburtstagsmanager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burz
hkey HKLM
command e:\Geburtstagsmanager\burz.exe /silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burz
hkey HKLM
command e:\Geburtstagsmanager\burz.exe /silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Googlefilter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Googlefilter
hkey HKLM
command C:\Programme\GoogleFilter\Core\Googlefilter.exe /run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Googlefilter
hkey HKLM
command C:\Programme\GoogleFilter\Core\Googlefilter.exe /run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleTranslator2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletranslator
hkey HKCU
command h:\Google-Translator\googletranslator.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletranslator
hkey HKCU
command h:\Google-Translator\googletranslator.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotbar
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command E:\ICQ\ICQLite\ICQLite.exe -minimize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command E:\ICQ\ICQLite\ICQLite.exe -minimize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command E:\Nero 5.5.9.14\Nero\InCD\InCD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command E:\Nero 5.5.9.14\Nero\InCD\InCD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IncMail
hkey HKLM
command E:\INCRED~1\bin\IncMail.exe /c
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IncMail
hkey HKLM
command E:\INCRED~1\bin\IncMail.exe /c
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "E:\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "E:\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jet Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveMonitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LMonitor
hkey HKLM
command C:\Programme\MSI\Live Update 2\LMonitor.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LMonitor
hkey HKLM
command C:\Programme\MSI\Live Update 2\LMonitor.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mirabilis ICQ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQNet
hkey HKLM
command E:\ICQ\ICQ\ICQNet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQNet
hkey HKLM
command E:\ICQ\ICQ\ICQNet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command C:\Programme\Messenger\msmsgs.exe /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command C:\Programme\Messenger\msmsgs.exe /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~1
hkey HKLM
command rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norman ZANDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ZLH
hkey HKLM
command C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ZLH
hkey HKLM
command C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVCLOCK
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32 nvclock
hkey HKLM
command rundll32 nvclock.dll,fnNvclock
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32 nvclock
hkey HKLM
command rundll32 nvclock.dll,fnNvclock
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpiStat
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item OpiStat
hkey HKLM
command C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item OpiStat
hkey HKLM
command C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overnet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Overnet
hkey HKLM
command C:\Programme\Overnet\Overnet.exe -t
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Overnet
hkey HKLM
command C:\Programme\Overnet\Overnet.exe -t
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\POINTER
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item point32
hkey HKLM
command point32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item point32
hkey HKLM
command point32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "E:\quicktime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "E:\quicktime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command d:\PowerDVD\PDVDServ.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command d:\PowerDVD\PDVDServ.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RivaTunerStartupDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RivaTuner
hkey HKLM
command "C:\Programme\RivaTuner\RivaTuner.exe" /S
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RivaTuner
hkey HKLM
command "C:\Programme\RivaTuner\RivaTuner.exe" /S
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmcService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item smc
hkey HKLM
command E:\Sygate\SPF\smc.exe -startgui
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item smc
hkey HKLM
command E:\Sygate\SPF\smc.exe -startgui
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spamihilator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item spamihilator
hkey HKCU
command "I:\Spamihilator\spamihilator.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item spamihilator
hkey HKCU
command "I:\Spamihilator\spamihilator.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item steam
hkey HKCU
command "e:\steam\steam.exe" -silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item steam
hkey HKCU
command "e:\steam\steam.exe" -silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THReminderVoll
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Reminder
hkey HKCU
command D:\Reminder\Reminder.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Reminder
hkey HKCU
command D:\Reminder\Reminder.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToADiMon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ToADiMon
hkey HKLM
command D:\t-online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ToADiMon
hkey HKLM
command D:\t-online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Trickler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TuneUp MemOptimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MemOptimizer
hkey HKCU
command "E:\TuneUp Utilities 2006\MemOptimizer.exe" autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MemOptimizer
hkey HKCU
command "E:\TuneUp Utilities 2006\MemOptimizer.exe" autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIWatcher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UIWatcher
hkey HKCU
command E:\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UIWatcher
hkey HKCU
command E:\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ulead AutoDetector v2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item monitor
hkey HKLM
command C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item monitor
hkey HKLM
command C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command e:\winamp5\winampa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command e:\winamp5\winampa.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WINDVDPatch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Winexess
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item server
hkey HKCU
command C:\WINDOWS\system32\server.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item server
hkey HKCU
command C:\WINDOWS\system32\server.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winnet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winnet
hkey HKLM
command C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winnet
hkey HKLM
command C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAW starten
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fast
hkey HKCU
command "d:\yaw 3.5\fast.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fast
hkey HKCU
command "d:\yaw 3.5\fast.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZDF.nachrichtenkurier
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item messenger
hkey HKCU
command C:\Programme\ZDFnachrichtenkurier\messenger.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item messenger
hkey HKCU
command C:\Programme\ZDFnachrichtenkurier\messenger.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun 185


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Generic Host Process C:\WINDOWS\system32\scvhost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key Ю–ƒ§Ÿàv;�©ËV
Hint passwort für die seite
FileName0 C:\WINDOWS\system32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0
n 0
s 0
v 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
disablecad 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
Disabled 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;
.mpc;.mp+;.wma;.ogg;.mp4;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jp
eg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;
.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;
.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;.ani;.aob;.asf;.csv;.fla;
.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw
;.pct;.pict;.sct;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.
VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;
.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;
.DOC;.XLS;.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;
.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;.IPTHEME;.MSSTYLES;.
THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7
Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF
;.CSV;.FLA;.PXR;.WMV;.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;
.EPS;.JPE;.PCX;.PDP;.RAW;.PCT;.PICT;
.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL;

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun _

NoLowDiskSpaceChecks 1
ClearRecentDocsOnExit 0
NoRecentDocsMenu 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#22 Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\PROGRAMME\COMMONNAME\TOOLBAR" >>files.txt
dir "c:\programme\divx\divx pro codec" >>files.txt
dir "c:\programme\divx" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt

----------------------------------------------------------------------------------------
2.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry mit "ja" oder "yes" beifügen

Zitat

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32]
"NoBackButton"=-
"NoFileMru"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"disablecad"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp]
"Disabled"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default]
"Allow_Unknowns"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winexess"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winexess"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"Generic Host Process"=-

3.
Gehe in die registry
Start - Ausfuehren - regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key Ю–ƒ§Ÿàv;�©ËV <--loeschen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default]
PleaseMom 1 -> in 0 aendern

----------------------------------------------

bearbeiten - suchen - Winexess und server.exe

loesche alles, was du findest !
z.B:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Winexess<--loeschen

bearbeiten - suchen - > New.net

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net

bearbeiten - suchen - scvhost.exe-> pass auf, dass du dich nicht irrst...es ist scvhost.exe

z.b:

[HKEY_USERS\S-1-5-21-1202660629-838170752-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run]
"Generic Host Process"="C:\\WINDOWS\\system32\\scvhost.exe"

PC neustarten
__________
MfG Sabina

rund um die PC-Sicherheit

#23 Puh, fertig.

Alles so gemacht, was jetzt?

#24 jetzt poste noch mal winpfind-log

+

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\PROGRAMME\COMMONNAME\TOOLBAR" >>files.txt
dir "c:\programme\divx\divx pro codec" >>files.txt
dir "c:\programme\divx" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

#25 Hier nochmal winpfind-log

Soll ich auch den Inhalt von der listen.bat posten?


»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 06.09.2002 11:36:16 124416 C:\WINDOWS\lame_enc.dll
aspack 30.03.2004 12:30:00 116224 C:\WINDOWS\SMUn.EXE
UPX! 19.03.2004 12:50:30 966144 C:\WINDOWS\vsapi32.dll
aspack 19.03.2004 12:50:30 966144 C:\WINDOWS\vsapi32.dll
UPX! 13.10.2005 21:27:00 RHS 422400 C:\WINDOWS\x2.64.exe

Checking %System% folder...
UPX! 18.05.2003 11:53:56 11776 C:\WINDOWS\SYSTEM32\BORLNDMM.DLL
UPX! 23.08.1996 19:11:10 51712 C:\WINDOWS\SYSTEM32\Comdlg32.new
UPX! 09.07.2004 10:47:04 RHS 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax
UPX! 17.09.2001 14:20:02 9216 C:\WINDOWS\SYSTEM32\cpuinf32.dll
aspack 18.03.2005 18:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
UPX! 18.05.2003 11:53:56 11264 C:\WINDOWS\SYSTEM32\DELPHIMM.DLL
PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 18.05.2003 11:53:56 49664 C:\WINDOWS\SYSTEM32\ElementSyntaxMgr.dll
aspack 16.01.2003 14:08:10 1834517 C:\WINDOWS\SYSTEM32\Exotica.scr
UPX! 18.05.2003 11:53:56 129024 C:\WINDOWS\SYSTEM32\HDPREV.DLL
UPX! 18.05.2003 11:53:56 60928 C:\WINDOWS\SYSTEM32\HDResources.dll
UPX! 18.05.2003 11:53:56 83456 C:\WINDOWS\SYSTEM32\HotDogNavView.dll
UPX! 18.05.2003 11:53:56 329216 C:\WINDOWS\SYSTEM32\HTMLExpertLib.dll
UPX! 18.05.2003 11:53:56 59904 C:\WINDOWS\SYSTEM32\HTMLProcessors.dll
UPX! 18.05.2003 11:53:56 34816 C:\WINDOWS\SYSTEM32\HTMLValidator.dll
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll
UPX! 18.05.2003 11:53:56 61952 C:\WINDOWS\SYSTEM32\Ilanot32.dll
PTech 14.02.2006 10:20:14 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09.06.2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.06.2006 03:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 21.02.2005 16:17:32 22016 C:\WINDOWS\SYSTEM32\prospeed_bmp2jpg.dll
Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 18.05.2003 11:53:56 116736 C:\WINDOWS\SYSTEM32\SausageControls.dll
UPX! 18.05.2003 11:53:56 56320 C:\WINDOWS\SYSTEM32\SausagePropertySheet.dll
UPX! 18.05.2003 11:53:56 10240 C:\WINDOWS\SYSTEM32\SausageRegistry.dll
UPX! 18.05.2003 11:53:56 105984 C:\WINDOWS\SYSTEM32\SausageText.dll
UPX! 18.05.2003 11:53:56 135680 C:\WINDOWS\SYSTEM32\SausageTextEdit.dll
UPX! 18.05.2003 11:53:56 43520 C:\WINDOWS\SYSTEM32\ScriptSyntaxMgr.dll
UPX! 02.06.1997 00:31:00 42496 C:\WINDOWS\SYSTEM32\Sh33w32.dll
aspack 15.01.2003 02:26:26 3587210 C:\WINDOWS\SYSTEM32\Snowdrift.scr
UPX! 26.04.1998 21:25:38 49152 C:\WINDOWS\SYSTEM32\SSCE4232.DLL
UPX! 05.06.1996 12:13:34 37376 C:\WINDOWS\SYSTEM32\THESDB32.DLL
aspack 16.01.2003 13:44:24 2118573 C:\WINDOWS\SYSTEM32\Tropical Dreams1024.scr
UPX! 01.11.1997 02:36:28 104960 C:\WINDOWS\SYSTEM32\UAFDLL.DLL
UPX! 02.11.2002 11:57:10 18944 C:\WINDOWS\SYSTEM32\vcedit.dll
UPX! 02.11.2002 11:57:12 9216 C:\WINDOWS\SYSTEM32\vorbisfile.dll
winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 14.04.2006 23:48:30 H 245248 C:\WINDOWS\SYSTEM32\wodfamod.dll
UPX! 28.02.2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe
UPX! 25.01.2004 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
05.07.2006 18:01:00 S 2048 C:\WINDOWS\bootstat.dat
01.06.2006 09:23:42 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
01.06.2006 09:23:42 RH 0 C:\WINDOWS\assembly\pubpol1.dat
01.06.2006 11:06:10 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
01.06.2006 11:06:12 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
04.07.2006 15:35:42 HS 109355 C:\WINDOWS\system32\SysPr.prx
14.05.2006 12:21:36 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
01.06.2006 22:28:44 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT
05.07.2006 18:08:50 H 1024 C:\WINDOWS\system32\config\default.LOG
05.07.2006 18:08:22 H 1024 C:\WINDOWS\system32\config\SAM.LOG
05.07.2006 18:09:16 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
05.07.2006 18:29:22 H 1024 C:\WINDOWS\system32\config\software.LOG
05.07.2006 18:09:20 H 1024 C:\WINDOWS\system32\config\system.LOG
14.06.2006 18:54:16 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_32464.CAT
17.05.2006 06:50:50 S 95392 C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\CX_32464.CAT
05.07.2006 18:01:02 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28.05.2001 14:47:00 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
12.11.1999 06:11:00 184832 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Razer Inc. 02.11.2005 10:27:46 69632 C:\WINDOWS\SYSTEM32\copperhd.cpl
Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 13.04.2006 23:21:20 1405952 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio 24.01.2001 05:05:32 121856 C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
11.05.2003 09:51:40 R 14336 C:\WINDOWS\SYSTEM32\pmxusb.cpl
Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
SiSoftware 29.06.2004 10:53:22 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
29.12.2002 02:14:38 81920 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
21.12.2002 18:15:36 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.02.2006 16:22:42 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
21.12.2002 18:01:46 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
23.06.2006 19:02:24 3348 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
21.12.2002 18:15:36 HS 84 C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
04.10.2005 21:23:02 2781 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\AdobeDLM.log
02.07.2006 01:32:34 22431 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\CleanUp!.log
21.12.2002 18:01:46 HS 62 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\desktop.ini
04.10.2005 21:22:56 0 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dm.ini
05.08.2003 17:27:58 112 C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\dw.log

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\DropStuff Context Menu
{2e336dc0-54f8-11d1-abd5-447270537466} = d:\Stuffit\StuffIt 7.0.2\DropStuff\ShellDS.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\ICQ\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = E:\Incredimail\bin\IMShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = E:\PowerArchiver\PASHLEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = d:\TagRename\TRshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "E:\TuneUp Utilities 2006\sdshelex.dll"
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\UltraEdit-32
{b5eedee0-c06e-11cf-8c56-444553540000} = e:\ultra\ue32ctmn.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Nero 5.5.9.14\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = D:\a-squared\a-squared\a2contmenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\DropStuff Context Menu
{2e336dc0-54f8-11d1-abd5-447270537466} = d:\Stuffit\StuffIt 7.0.2\DropStuff\ShellDS.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PowerArchiver
{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e} = E:\PowerArchiver\PASHLEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = d:\TagRename\TRshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
= E:\Nero 5.5.9.14\Nero 7\Nero 7\Nero BackItUp\NBShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\ICQ\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "E:\TuneUp Utilities 2006\sdshelex.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Winrar\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16664845-0E00-11D2-8059-000000000000}
ClickCatcher MSIE handler = C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= D:\SEARCH~2\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : E:\COPERN~1\COPERN~1.DLL
{275EF756-D6AE-487A-B544-B67AB825AD4A} = wersucht.de : C:\Programme\wersucht.de\toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{04849C74-016E-4a43-8AA5-1F01DE57F4A1}
ButtonText = Trace :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}
MenuText = Launch Copernic Agent :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3497BA3F-AE5F-43AE-AF23-635D516AF144}
ButtonText = concept/design's onlineTV : H:\onlineTV\REGITonlineTV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{410C30C7-098A-4090-928E-F1D356D34C7F}
ButtonText = @i:\Messenger2\im2_ie_plugin.dll,-4 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6224f700-cba3-4071-b251-47cb894244cd}
ButtonText = ICQ Pro : E:\ICQ\ICQ\ICQ.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{688DC797-DC11-46A7-9F1B-445F4F58CE6E}
ButtonText = Copernic Agent : E:\COPERN~1\COPERN~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : E:\ICQ\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = Copernic Agent : E:\COPERN~1\COPERN~1.DLL
{4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} = :
{F2CF5485-4E02-4F68-819C-B92DE9277049} = &Links : C:\WINDOWS\system32\ieframe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IntelliType "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
CTHelper CTHELPER.EXE
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
Copperhead C:\Programme\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^E-Color.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\E-Color.lnk
backup C:\WINDOWS\pss\E-Color.lnkCommon Startup
location Common Startup
command C:\PROGRA~2\E-Color\Common\IconMgr.exe
item E-Color
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\E-Color.lnk
backup C:\WINDOWS\pss\E-Color.lnkCommon Startup
location Common Startup
command C:\PROGRA~2\E-Color\Common\IconMgr.exe
item E-Color

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GetRight - Tray Icon.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight - Tray Icon.lnk
backup C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\GetRight\getright.exe
item GetRight - Tray Icon
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GetRight - Tray Icon.lnk
backup C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\GetRight\getright.exe
item GetRight - Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command E:\MICROS~1\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command E:\MICROS~1\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^Ashampoo Mail Virus Blocker Server.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Ashampoo Mail Virus Blocker Server.lnk
backup C:\WINDOWS\pss\Ashampoo Mail Virus Blocker Server.lnkStartup
location Startup
command E:\ASHAMP~1\MAILVI~1\Server.exe
item Ashampoo Mail Virus Blocker Server
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Ashampoo Mail Virus Blocker Server.lnk
backup C:\WINDOWS\pss\Ashampoo Mail Virus Blocker Server.lnkStartup
location Startup
command E:\ASHAMP~1\MAILVI~1\Server.exe
item Ashampoo Mail Virus Blocker Server

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^Iomega Product Registration.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Iomega Product Registration.lnk
backup C:\WINDOWS\pss\Iomega Product Registration.lnkStartup
location Startup
command C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=DE /PRNM="Iomega Product"
item Iomega Product Registration
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\Iomega Product Registration.lnk
backup C:\WINDOWS\pss\Iomega Product Registration.lnkStartup
location Startup
command C:\PROGRA~1\Iomega\REGIST~1\Register.exe /remind /language=DE /PRNM="Iomega Product"
item Iomega Product Registration

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Andreas^Startmenü^Programme^Autostart^ScanDL.lnk
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\ScanDL.lnk
backup C:\WINDOWS\pss\ScanDL.lnkStartup
location Startup
command C:\PROGRA~1\ScanDL\ScanDL.exe -tray
item ScanDL
path C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\ScanDL.lnk
backup C:\WINDOWS\pss\ScanDL.lnkStartup
location Startup
command C:\PROGRA~1\ScanDL\ScanDL.exe -tray
item ScanDL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item atiptaxx
hkey HKLM
command C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AudioHQ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AHQTB
hkey HKLM
command C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AHQTB
hkey HKLM
command C:\Programme\Creative\SBLive2k\AudioHQ\AHQTB.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVGCtrl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVGNT
hkey HKLM
command d:\AVPersonal\AVGNT.EXE /min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVGNT
hkey HKLM
command d:\AVPersonal\AVGNT.EXE /min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackgroundSwitcher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bgswitch
hkey HKLM
command C:\WINDOWS\System32\bgswitch.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bgswitch
hkey HKLM
command C:\WINDOWS\System32\bgswitch.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bckzw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NMBgMonitor
hkey HKCU
command "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CoffeeCup Spam Blocker
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SPAMBL~1
hkey HKLM
command "H:\COFFEE~2\SPAMBL~1\SPAMBL~1.EXE" -min
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SPAMBL~1
hkey HKLM
command "H:\COFFEE~2\SPAMBL~1\SPAMBL~1.EXE" -min
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Corel Reminder
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CorelCorelDRAW10 Reminder
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NavLoad
hkey HKLM
command "e:\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "e:\Corel\Graphics10\Register\NavLoad.ini"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NavLoad
hkey HKLM
command "e:\Corel\Graphics10\Register\NAVBrowser.exe" /r /i "e:\Corel\Graphics10\Register\NavLoad.ini"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\deupdchk
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Geburtstagsmanager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burz
hkey HKLM
command e:\Geburtstagsmanager\burz.exe /silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burz
hkey HKLM
command e:\Geburtstagsmanager\burz.exe /silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Googlefilter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Googlefilter
hkey HKLM
command C:\Programme\GoogleFilter\Core\Googlefilter.exe /run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Googlefilter
hkey HKLM
command C:\Programme\GoogleFilter\Core\Googlefilter.exe /run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleTranslator2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletranslator
hkey HKCU
command h:\Google-Translator\googletranslator.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletranslator
hkey HKCU
command h:\Google-Translator\googletranslator.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotbar
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command E:\ICQ\ICQLite\ICQLite.exe -minimize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command E:\ICQ\ICQLite\ICQLite.exe -minimize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InCD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command E:\Nero 5.5.9.14\Nero\InCD\InCD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item InCD
hkey HKLM
command E:\Nero 5.5.9.14\Nero\InCD\InCD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IncrediMail
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IncMail
hkey HKLM
command E:\INCRED~1\bin\IncMail.exe /c
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IncMail
hkey HKLM
command E:\INCRED~1\bin\IncMail.exe /c
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "E:\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "E:\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jet Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LiveMonitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LMonitor
hkey HKLM
command C:\Programme\MSI\Live Update 2\LMonitor.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LMonitor
hkey HKLM
command C:\Programme\MSI\Live Update 2\LMonitor.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Mirabilis ICQ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQNet
hkey HKLM
command E:\ICQ\ICQ\ICQNet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQNet
hkey HKLM
command E:\ICQ\ICQ\ICQNet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command C:\Programme\Messenger\msmsgs.exe /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command C:\Programme\Messenger\msmsgs.exe /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norman ZANDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ZLH
hkey HKLM
command C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ZLH
hkey HKLM
command C:\NORMAN\nvc\BIN\ZLH.EXE /LOAD /SPLASH
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVCLOCK
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32 nvclock
hkey HKLM
command rundll32 nvclock.dll,fnNvclock
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32 nvclock
hkey HKLM
command rundll32 nvclock.dll,fnNvclock
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OpiStat
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item OpiStat
hkey HKLM
command C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item OpiStat
hkey HKLM
command C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overnet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Overnet
hkey HKLM
command C:\Programme\Overnet\Overnet.exe -t
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Overnet
hkey HKLM
command C:\Programme\Overnet\Overnet.exe -t
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\POINTER
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item point32
hkey HKLM
command point32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item point32
hkey HKLM
command point32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "E:\quicktime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "E:\quicktime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command d:\PowerDVD\PDVDServ.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command d:\PowerDVD\PDVDServ.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RivaTunerStartupDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RivaTuner
hkey HKLM
command "C:\Programme\RivaTuner\RivaTuner.exe" /S
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RivaTuner
hkey HKLM
command "C:\Programme\RivaTuner\RivaTuner.exe" /S
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmcService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item smc
hkey HKLM
command E:\Sygate\SPF\smc.exe -startgui
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item smc
hkey HKLM
command E:\Sygate\SPF\smc.exe -startgui
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spamihilator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item spamihilator
hkey HKCU
command "I:\Spamihilator\spamihilator.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item spamihilator
hkey HKCU
command "I:\Spamihilator\spamihilator.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item steam
hkey HKCU
command "e:\steam\steam.exe" -silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item steam
hkey HKCU
command "e:\steam\steam.exe" -silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THReminderVoll
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Reminder
hkey HKCU
command D:\Reminder\Reminder.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Reminder
hkey HKCU
command D:\Reminder\Reminder.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToADiMon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ToADiMon
hkey HKLM
command D:\t-online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ToADiMon
hkey HKLM
command D:\t-online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Trickler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TuneUp MemOptimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MemOptimizer
hkey HKCU
command "E:\TuneUp Utilities 2006\MemOptimizer.exe" autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MemOptimizer
hkey HKCU
command "E:\TuneUp Utilities 2006\MemOptimizer.exe" autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIWatcher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UIWatcher
hkey HKCU
command E:\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UIWatcher
hkey HKCU
command E:\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ulead AutoDetector v2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item monitor
hkey HKLM
command C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item monitor
hkey HKLM
command C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command e:\winamp5\winampa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command e:\winamp5\winampa.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WINDVDPatch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winnet
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winnet
hkey HKLM
command C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winnet
hkey HKLM
command C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YAW starten
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fast
hkey HKCU
command "d:\yaw 3.5\fast.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fast
hkey HKCU
command "d:\yaw 3.5\fast.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ZDF.nachrichtenkurier
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item messenger
hkey HKCU
command C:\Programme\ZDFnachrichtenkurier\messenger.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item messenger
hkey HKCU
command C:\Programme\ZDFnachrichtenkurier\messenger.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun 185


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Hint passwort für die seite
FileName0 C:\WINDOWS\system32\RSACi.rat


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
PleaseMom 0
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0
n 0
s 0
v 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;.mpc;.mp+;.wma;.ogg;.mp4
;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jpeg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;
.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;
.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;
.ani;.aob;.asf;.csv;.fla;.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw;.pct;.pict;.sct
;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;
.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;.DOC;.XLS;
.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;
.IPTHEME;.MSSTYLES;.THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;
.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF;.CSV;.FLA;.PXR;.WMV;
.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;.EPS;.JPE;.PCX;
.PDP;.RAW;.PCT;.PICT;.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL;

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun _

NoLowDiskSpaceChecks 1
ClearRecentDocsOnExit 0
NoRecentDocsMenu 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#26 Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\PROGRAMME\COMMONNAME\TOOLBAR" >>files.txt
dir "c:\programme\divx\divx pro codec" >>files.txt
dir "c:\programme\divx" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt

------------------------------------------------------------------------------
virustotal
Oben auf der Seite --> auf Durchsuchen klicken -->Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\SYSTEM32\wodfamod.dll
C:\WINDOWS\SYSTEM32\x.264.exe
C:\WINDOWS\SYSTEM32\yv12vfw.dll

poste den berichte

-------------------------------------------------------------------------------

Liste für Dateitypen mit niedrigen/hohen Risiko festlegen
http://www.windowspage.de/frame.php?http://www.windowspage.de/gemeinsame/komponenten/associations/lowriskfiletypes.html
Diese Einstellung ermöglicht Ihnen, die Liste der Dateitypen mit niedrigem Risiko zu konfigurieren. Falls die Dateianlage in der Liste der Dateitypen mit niedrigem Risiko aufgeführt ist, wird der Benutzer nicht zum Bestätigen aufgefordert, bevor er auf die Datei zugreifen kann, unabhängig von der Zoneninformation der Datei.


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .exe;.bat;.com;.cmd;.reg;.vbs;.inf;.msi;.htm;.html;.swf;.js;.mp3;.mp2;.ape;.apl;.flac;.shn;.mpc;.mp+;.wma;.ogg;.mp4
;.aac;.voc;.mid;.mac;.cda;.kar;.midi;.rar;.zip;.wav;.jpg;.gif;.png;.bmp;.jpeg;.doc;.xls;.pls;.pub;.dat;.html;.htm;.avi;mpg;
.mpeg;.nfo;.txt;.torrent;.diz;.ppt;.m3u;.sfv;.tar;.htt;.mht;.asp;.aspx;.tiff;.rtf;.ini;.cab;.ico;.icl;.ip;.iptheme;.msstyles;.theme;.dll;.psd;
.vbs;.swf;.php;.xaml;.iso;.bin;.cue;.xml;.par;.par2;.ace;.arj;.lzh;.7z;.gz;.bz;.uue;.bz2;.jar;.z;.ade;.adn;.adp;.aia;.img;.date;.aip;.ait;amf;
.ani;.aob;.asf;.csv;.fla;.pxr;.wmv;.nrg;.mov;.sav;.xhtml;.php5;.pxr;.m4a;.qxr;.h;.cpp;.pdd;.rle;.dib;.eps;.jpe;.pcx;.pdp;.raw;.pct;.pict;.sct
;.tga;.vda;.icd;.vst;.tif;.tpl;.log;.prx;.cdf;.nls;.ax;.msc;.cpl;.EXE;.BAT;.COM;.CMD;.REG;.VBS;.INF;.MSI;.HTM;.HTML;.SWF;.JS;.MP3;.MP2;
.APE;.APL;.FLAC;.SHN;.MPC;.MP+;.WMA;.OGG;.MP4;.AAC;.VOC;.MID;.MAC;.CDA;.KAR;.MIDI;.RAR;.ZIP;.WAV;.JPG;.GIF;.PNG;.BMP;.JPEG;.DOC;.XLS;
.PLS;.PUB;.DAT;.HTML;.HTM;.AVI;MPG;.MPEG;.NFO;.TXT;.TORRENT;.DIZ;.PPT;.M3U;.SFV;.TAR;.HTT;.MHT;.ASP;.ASPX;.TIFF;.RTF;.INI;.CAB;.ICO;.ICL;.IP;
.IPTHEME;.MSSTYLES;.THEME;.DLL;.PSD;.VBS;.SWF;.PHP;.XAML;.ISO;.BIN;.CUE;
.XML;.PAR;.PAR2;.ACE;.ARJ;.LZH;.7Z;.GZ;.BZ;.UUE;.BZ2;.JAR;.Z;.ADE;.ADN;.ADP;.AIA;.IMG;.DATE;.AIP;.AIT;AMF;.ANI;.AOB;.ASF;.CSV;.FLA;.PXR;.WMV;
.NRG;.MOV;.SAV;.XHTML;.PHP5;.PXR;.M4A;.QXR;.H;.CPP;.PDD;.RLE;.DIB;.EPS;.JPE;.PCX;
.PDP;.RAW;.PCT;.PICT;.SCT;.TGA;.VDA;.ICD;.VST;.TIF;.TPL;.LOG;.PRX;.CDF;.NLS;.AX;.MSC;.CPL;

arbeite auf der seite die links durch
Querverweise:
* Standardrisikostufe für Dateianlagen festlegen
* Dateitypen mit hohem Risiko festlegen
* Dateitypen mit mittlerem Risiko festlegen

und aendere diesen Schluessel, sonst ist das Risiko zu gross.
am besten alles rausloeschen, ausser den drei Datei-Endungen, die von Windows als Standart festgelegt sind (siehe Bild auf der Seite)
__________
MfG Sabina

rund um die PC-Sicherheit

#27 Nach starten der Listen.bat kommt:

C:\Dokumente und Einstellungen\Andreas\Desktop>cd\

C:\>dir "C:\PROGRAMME\COMMONNAME\TOOLBAR" 1>>files.txt
Das System kann die angegebene Datei nicht finden.

C:\>dir "c:\programme\divx\divx pro codec" 1>>files.txt

C:\>dir "c:\programme\divx" 1>>files.txt

C:\>dir "C:\Programme" 1>>files.txt

C:\>notepad files.txt

Danach geht noch eine Text Datei auf, die files.txt heisst und viele Programme anzeigt die installiert sind.

Von Virustotal:

C:\WINDOWS\SYSTEM32\wodfamod.dll <> no virus found bei allen
C:\WINDOWS\SYSTEM32\x.264.exe <> no virus found bei allen ausser
Fortinet 2.77.0.0 07.05.2006 suspicious
C:\WINDOWS\SYSTEM32\yv12vfw.dll <> no virus found bei allen

#28 1.
LSPfix
http://www.spychecker.com/program/lspfix.html
schreibe mir, welche dll du auf der rechten oder linken seite findest (nichts loeschen !)


---------------------------------------------------------------------------
(ist fuer mich)
C:\PROGRAMME\COMMONNAME\COMMONNAME TOOLBAR\CNBARIE.DLL
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
http://www.adoko.com/imesh.html
C:\Programme\Win!Browser bar\MultiBrowser.dll
C:\Programme\Hotbar\bin\4.2.14.0

C:\Programme\Hotbar\bin\4.2.14.0
http://virus-protect.org/artikel/spyware/hotbar.html

C:\PROGRAMME\COMMONNAME\COMMONNAME TOOLBAR

---------------------------------------------------

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotbar
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HbInst
hkey HKLM
command C:\Programme\Hotbar\bin\4.2.14.0\HbInst.exe /Upgrade
inimapping 0

-----------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net
http://virus-protect.org/lspfix.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\deupdchk
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item _WMP200000000269
hkey HKLM
command C:\WINDOWS\Dialer\_WMP200000000269.exe !
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bckzw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yglxtrie
hkey HKLM
command C:\DOKUME~1\Andreas\ANWEND~1\yglxtrie.exe -QuieT
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Trickler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gain_trickler_3202
hkey HKLM
command "c:\programme\divx\divx pro codec\gain_trickler_3202.exe"
inimapping 0
__________
MfG Sabina

rund um die PC-Sicherheit

#29 LSPfix meldet nur auf der linken Seite unter "Keep"

mswsock.dll - Tcpip
winrnr.dll - NTDS
nwprovau.dll - NWlink IPX/SPX/NetBIOS....
rsvpsp.dll - (Protocol handler)

#30 ueberpruefe mit Virustotal:

Oben auf der Seite --> auf Durchsuchen klicken -->Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\yglxtrie.exe
C:\WINDOWS\Dialer\_WMP200000000269.exe
__________
MfG Sabina

rund um die PC-Sicherheit