Autoplay on drive C and search function on the CD drive

#0
03.04.2007, 14:11
Member

Thread starter

Posts: 25
#16 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ygafittg

*******************

Script file located at: \??\C:\Documents and Settings\xxcpywkk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe deleted successfully.


File C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\popcaploader.inf failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Status: 0xc0000034



File C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\miniclipGameLoader.dll
Status: 0xc0000034



File C:\WINDOWS\Downloaded Program Files\popcaploader.dll not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\popcaploader.dll failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Status: 0xc0000034



File C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\ATPartners.inf deleted successfully.


File C:\WINDOWS\Downloaded Program Files\CandyBarBGM.inf not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\CandyBarBGM.inf failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CandyBarBGM.inf
Status: 0xc0000034

File C:\WINDOWS\system32\f3PSSavr.scr deleted successfully.


File c:\windows\system32\ogleac.exe not found!
Deletion of file c:\windows\system32\ogleac.exe failed!

Could not process line:
c:\windows\system32\ogleac.exe
Status: 0xc0000034

File C:\Windows\System32\drivers\uwasfsd.sys deleted successfully.


Folder C:\Program Files\Common Files\GMT not found!
Deletion of folder C:\Program Files\Common Files\GMT failed!

Could not process line:
C:\Program Files\Common Files\GMT
Status: 0xc0000034

Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.1 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.10 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.11 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.12 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.13 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.14 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.15 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.16 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.17 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.18 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.19 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.2 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.20 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.21 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.22 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.23 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.24 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.25 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.26 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.27 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.28 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.29 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.3 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.30 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.31 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.4 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.5 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.6 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.7 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.8 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.9 deleted successfully.
Folder C:\Program Files\Absolute Poker deleted successfully.
Folder C:\Program Files\FunWebProducts deleted successfully.
Folder C:\Program Files\Jnberdg deleted successfully.
Folder C:\Program Files\MyWebSearch deleted successfully.
Folder C:\Program Files\PacificPoker deleted successfully.
Folder C:\Program Files\PowerQuest deleted successfully.
Folder C:\Program Files\WinAntiSpyware 2006 Scanner deleted successfully.


Folder C:\Program Files\Common Files\WinAntiSpyware 2006 Free not found!
Deletion of folder C:\Program Files\Common Files\WinAntiSpyware 2006 Free failed!

Could not process line:
C:\Program Files\Common Files\WinAntiSpyware 2006 Free
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6217428-905B-452F-B14D-1D2FEA169D52} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6217428-905B-452F-B14D-1D2FEA169D52} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evihkyo deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






OK, I'm downloading http://virus-protect.org/counterspy1.html right now, but it will take another good hour.
03.04.2007, 16:21
Honorary member
Sabina

Posts: 29434
#17 When it's finished, have everything it found deleted with Remove and then post the report.
__________
Kind regards, Sabina

All about PC security
05.04.2007, 12:54
Member

Thread starter

Posts: 25
#18 After deleting all the files, I rebooted and then ran another scan. Now I'm not sure whether you wanted exactly the report from the first scan, the one where I deleted everything.

Because it only ever shows the report from the last scan.
05.04.2007, 13:00
Honorary member
Sabina

Posts: 29434
#19 Tempest

Then leave it - that's fine, since you have already deleted everything ;)

««
Scan with BitDefender Online and post the report
http://virus-protect.org/onlinescan.html

+
Report whether the computer now works correctly (or which problems remain)
__________
Kind regards, Sabina

All about PC security
06.04.2007, 16:40
Member

Thread starter

Posts: 25
#20 I had to run the check twice because it froze the first time. Most things were already deleted the first time, which is why there is so little now.
Unfortunately the problem still exists.
On drive C, my external hard disk and my DVD drive, the Search function is at the very top when I right-click (the Windows file search window opens when I double-click).
I can only open it if I right-click and then use the second entry from the top (Open).
There must be somewhere to set this, surely?


BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Apr 06, 2007 - 22:36:34

Infected Files: 5

Virus Detected
Win32.Jeefo.A: 3
Trojan.Peed.Gen: 1
Trojan.Startpage.DLL: 1

--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
06.04.2007, 17:20
Honorary member
Sabina

Posts: 29434
#21 ««
Post this log
http://virus-protect.org/silentrunner.html

««
and if it works, this log as well
http://virus-protect.org/winpfind.html
__________
Kind regards, Sabina

All about PC security
07.04.2007, 06:57
Member

Thread starter

Posts: 25
#22 "Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"BitTorrent" = ""F:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"(Default)" = "(empty string)" [file not found]
"SBCSTray" = "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" ["Sunbelt Software"]
"SsAAD.exe" = "C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]
"{A68865DD-EE3C-4442-9BE9-1BAB2576E3FA}" = "NOMAD Explorer"
-> {HKLM...CLSID} = "NOMAD Explorer"
\InProcServer32\(Default) = "C:\Program Files\Creative\NOMAD Explorer\CTJBNS.DLL" ["Creative Technology Ltd"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
-> {HKLM...CLSID} = "Universal Plug and Play Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{329E4C0E-9B95-4EA9-83AF-5B6FBD190477}" = "*"
-> {HKLM...CLSID} = "Burn My Files ( New ) "
\InProcServer32\(Default) = "C:\PROGRA~1\GetData\BURNMY~1\BURNMY~1.DLL" ["GetData Pty Ltd"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
*\(Default) = "{329E4C0E-9B95-4EA9-83AF-5B6FBD190477}"
-> {HKLM...CLSID} = "Burn My Files ( New ) "
\InProcServer32\(Default) = "C:\PROGRA~1\GetData\BURNMY~1\BURNMY~1.DLL" ["GetData Pty Ltd"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_BINARY) hex;)2 FF FF 03
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
-> {HKLM...CLSID} = "My Web Search"
\InProcServer32\(Default) = "C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = "My Web Search Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]


And here is the one from the second.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 06-08-31 05:30:14 769996 C:\DSCF0929.JPG

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 06-07-12 10:52:30 18432 C:\WINDOWS\ss3unstl.exe

Checking %System% folder...
aspack 05-12-05 17:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 06-03-31 11:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 01-08-18 20:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 07-03-15 18:19:28 1476992 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 07-03-08 04:36:32 12619736 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 07-03-08 04:36:32 12619736 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04-08-04 00:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04-08-04 00:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 01-08-18 20:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 07-03-15 18:17:08 336768 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 04-08-03 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
07-04-05 19:54:40 S 2048 C:\WINDOWS\bootstat.dat
07-04-02 10:03:22 HS 7680 C:\WINDOWS\Thumbs.db
07-04-01 14:11:22 HS 67 C:\WINDOWS\Fonts\desktop.ini
07-04-06 13:12:56 H 0 C:\WINDOWS\LastGood\INF\oem52.inf
07-04-06 13:12:56 H 0 C:\WINDOWS\LastGood\INF\oem52.PNF
07-03-05 16:51:10 H 25755448 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\909f0d72f3fc599f99f54ad85fc3b8b4\BIT69.tmp
07-03-09 00:02:22 S 13402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925902.cat
07-03-15 18:19:50 S 9798 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
07-04-06 13:27:42 H 1024 C:\WINDOWS\system32\config\default.LOG
07-04-07 12:28:12 H 1024 C:\WINDOWS\system32\config\SAM.LOG
07-04-07 12:29:00 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
07-04-07 13:01:40 H 1024 C:\WINDOWS\system32\config\software.LOG
07-04-07 12:29:00 H 1024 C:\WINDOWS\system32\config\system.LOG
07-04-01 15:52:58 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
07-03-16 07:36:26 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\ba4be335-968f-49f7-8046-b676c34c6df5
07-03-16 07:36:26 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
07-04-05 19:54:42 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
03-08-19 15:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 04-08-04 00:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 05-09-22 01:25:50 299008 C:\WINDOWS\SYSTEM32\ALSndMgr.Cpl
Microsoft Corporation 04-08-04 00:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04-08-04 00:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 05-12-07 10:25:52 350720 C:\WINDOWS\SYSTEM32\camcpl.cpl
Microsoft Corporation 04-08-04 00:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04-08-04 00:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04-08-04 00:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 04-06-06 11:43:28 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 07-01-08 19:02:10 1823744 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04-08-04 00:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04-08-04 00:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04-08-04 00:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 01-08-18 20:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04-08-04 00:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 01-08-18 20:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04-08-04 00:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04-08-04 00:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04-08-04 00:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04-08-04 00:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Realtek Semiconductor Corp. 06-08-18 21:58:12 282624 C:\WINDOWS\SYSTEM32\RTSndMgr.Cpl
Microsoft Corporation 04-08-04 00:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 01-08-18 20:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04-08-04 00:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04-08-04 00:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 05-05-26 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 07-01-08 19:02:10 1823744 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 01-08-18 20:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 01-08-18 20:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 01-08-18 20:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 05-05-26 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
05-12-14 23:53:28 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
05-12-14 22:58:50 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
07-01-01 14:04:02 0 C:\Documents and Settings\All Users\Application Data\ISx1.tmp
06-12-30 23:31:02 0 C:\Documents and Settings\All Users\Application Data\ISx1AA.tmp
06-12-31 21:17:28 0 C:\Documents and Settings\All Users\Application Data\ISx67.tmp
06-12-12 13:07:48 0 C:\Documents and Settings\All Users\Application Data\ISx73.tmp
06-12-13 16:55:20 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
07-04-05 19:54:44 6322 C:\Documents and Settings\All Users\Application Data\Svclog.log

Checking files in %USERPROFILE%\Startup folder...
05-12-14 23:53:28 HS 84 C:\Documents and Settings\Tim\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
06-12-12 17:35:50 0 C:\Documents and Settings\Tim\Application Data\AVSDVDPlayer.m3u
05-12-14 22:58:50 HS 62 C:\Documents and Settings\Tim\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPPShellEx
{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78} = C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{04BEAB9D-5C42-4C40-BBF0-C6C7470AD2B2}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9A7D6AD2-0881-451F-BB27-F5E2EE2C5B14}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :
{07B18EA9-A523-4961-B6BB-170DE4475CCA} = My Web Search : C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

SBCSTray C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
SsAAD.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
swg C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
BitTorrent "F:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup C:\WINDOWS\pss\GStartup.lnkCommon Startup
location Common Startup
command C:\Program Files\Common Files\GMT\GMT.exe /startup
item GStartup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup C:\WINDOWS\pss\GStartup.lnkCommon Startup
location Common Startup
command C:\Program Files\Common Files\GMT\GMT.exe /startup
item GStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item imc
hkey HKCU
command C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item imc
hkey HKCU
command C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key ÐtÜL MXÛ³?%Rê
FileName0 C:\WINDOWS\system32\RSACi.rat
Hint the password is "steve"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 0
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoDrives ÒÿÿL MXÛ³?%Rê
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 07-04-07 13:09:22
This post was edited by Tempest on 07.04.2007 at 08:49.
07.04.2007, 14:05
Honorary member
Sabina

Posts: 29434
#23 Relevant entry:

"nodrives" for "Hide these specified drives in My Computer" and
"noviewondrive" for "Prevent access to drives from My Computer"; both are REG_DWORDs.

--------------------------------------------------------------------

Start - Run - regedit

navigate to the keys:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDrives - ÒÿÿL MXÛ³?%Rê - delete

http://www.windowspage.de/frame.php?http://www.windowspage.de/gemeinsame/desktop/nodrives.html
--------

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

Key - ÐtÜL MXÛ³?%Rê - delete
Hint the password is "steve" - delete


Restart the PC
__________
Best regards, Sabina

all about PC security
08.04.2007, 08:09
Member

Thread starter

Posts: 25
#24 OK, all files deleted but nothing happened.
Same problem.
08.04.2007, 12:55
Honorary member
Sabina

Posts: 29434
#25 Open the text editor (Notepad) and copy this text into it. Save it to the desktop with 'Save as'. Choose 'All files' as the file type. Save as: 018.bat
Double-click it and copy the text that is displayed. - c:\key4.txt

Quote

regedit /e c:\key4.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"
start notepad.exe c:\key4.txt
exit

__________
Best regards, Sabina

all about PC security
09.04.2007, 09:51
Member

Thread starter

Posts: 25
#26 Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
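The Explorer policy values named in post #23 are bitmasks, and the export requested in post #25 can be decoded offline. The following is an added example, not part of any post in this thread: it parses text in the format `regedit /e` writes, decodes `NoDrives`, `NoViewOnDrive` and `NoDriveTypeAutoRun`, and reports a value that is not a REG_DWORD instead of guessing. The sample export, its byte values and all function names are constructed for illustration.

```python
import re

# Constructed sample in the format "regedit /e" writes (the real file is UTF-16LE).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=hex:de,ad,be,ef,00,01
"NoViewOnDrive"=dword:00000004
'''

# NoDriveTypeAutoRun: one bit per drive type for which AutoRun is disabled.
DRIVE_TYPES = {0x01: "unknown type", 0x02: "no root dir", 0x04: "removable",
               0x08: "fixed", 0x10: "network", 0x20: "CD-ROM",
               0x40: "RAM disk", 0x80: "reserved/unknown type"}
LETTER_MASKS = {"nodrives", "noviewondrive"}  # bit 0 = A: ... bit 25 = Z:
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def parse_values(reg_text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group("name")] = m.group("data")
    return keys


def decode_policy(name, raw):
    """Decode one Explorer policy value; report a wrong type instead of guessing."""
    if not raw.lower().startswith("dword:"):
        return {"ok": False, "reason": "expected REG_DWORD, got " + raw.split(":")[0]}
    value = int(raw[6:], 16)
    if name.lower() in LETTER_MASKS:
        letters = [chr(ord("A") + bit) for bit in range(26) if (value >> bit) & 1]
        return {"ok": True, "value": value, "drives": letters}
    if name.lower() == "nodrivetypeautorun":
        types = [label for bit, label in DRIVE_TYPES.items() if value & bit]
        return {"ok": True, "value": value, "autorun_disabled_for": types}
    return {"ok": True, "value": value}


def audit(reg_text):
    """Decode every value found under an Explorer policies key in the export."""
    return {name: decode_policy(name, raw)
            for path, values in parse_values(reg_text).items()
            if path.lower().endswith(r"\policies\explorer")
            for name, raw in values.items()}
```

The value `NoDriveTypeAutoRun 145` shown in the scan log is `0x91`, which this decodes to the unknown, network and reserved drive-type bits.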
09.04.2007, 17:13
Honorary member
Sabina

Posts: 29434
#27 Copy the following text into the editor (Start - Accessories - Notepad) and save it as fixme.reg to the desktop with 'Save as'. Choose 'All files' as the file type. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and add it to the registry (with Y)

Quote

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
Restart the PC

´´´´´´´´´´´´

describe the problem again correctly, so that I understand it.............

On drive C, my external hard disk and my DVD drive, the search function is at the very top.......
....
__________
Best regards, Sabina

all about PC security
10.04.2007, 12:12
Member

Thread starter

Posts: 25
#28 Is there a way to post a screenshot for you?

I just don't know where it saves the screenshots
This post was edited by Tempest on 10.04.2007 at 12:49.
10.04.2007, 14:38
Honorary member
Sabina

Posts: 29434
#29 as an attachment - see below ;)
__________
Best regards, Sabina

all about PC security
10.04.2007, 14:57
Member

Thread starter

Posts: 25
#30 But I still don't know which folder it puts the screenshots in; I can't find them ; )



OK, I'll describe it again.

When I double-click with my mouse in Explorer on (drive C, my portable hard disk or the DVD drive), the Windows search function opens.

When I right-click one of these drives, search is in first place, open in second and explore in third.

When I first described my problem here, the AutoPlay function was still in first place for drive C and my external hard disk, and it showed me an error message when I double-clicked on it.

But we somehow fixed that problem with one of your troubleshooting functions.
Now I would still like to somehow get rid of this search function.
This post was edited by Tempest on 10.04.2007 at 15:33.