
Thread: Pop-up is incredibly annoying!

  1. #1
    Beginner
    Registered since
    28.05.2006
    Posts
    4

    Pop-up is incredibly annoying!

    Hello everyone, I hope I can finish writing this message now without the window popping away on me like it did just now.
    That is exactly my problem since today, and I have already spent 6 hours trying to solve it without success, so here is my log for you:

    I'd be grateful for any advice from anyone who recognizes the problem!

    Thanks, Kloppek


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe Acrobat\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [defender] C:\\defender23.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Programme\Adobe Acrobat\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Programme\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] D:\Hijackthis\HijackThis.exe /startupscan
    O4 - Startup: Registration-Studio 8.lnk = D:\Programme\Pinnacle\Register\RegTool.exe
    O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra button: eBay - {60FF3727-80F3-4181-980F-CE95137B6359} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133536386614
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arsch
    O17 - HKLM\Software\..\Telephony: DomainName = arsch
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6D5282-FB21-40B4-8F2F-6B11A107CC5A}: NameServer = 217.237.151.33,217.237.149.225
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arsch
    O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\j62qlgf5162.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe

  2. #2
    Honorary member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.583

    Re: Pop-up is incredibly annoying!

    Hi, first of all I advise you to post a complete HJT log file made with version 1.99.1, which is installed in the folder c:\programme\hijackthis.

    Suspicion -> Look2Me and SmitFraud, therefore also

    download datfindbat, run it according to the instructions and post the contents of the log files it creates (there will be 4 of them; for c:\windows\system32 only the last 30 days should be posted)
    Regards
    www.Speedyweb.at.tf
    You follow my tips at your own risk!
    HijackThis (downloads and guides, e.g. what fixing means, etc.)
    HijackThis chat, or do you want to join in here: job posting
    Help with system cleanup only via the public Windows forum and never via private messages or email!!

  3. #3
    Beginner
    Registered since
    28.05.2006
    Posts
    4

    Re: Pop-up is incredibly annoying!

    Well then, first of all a bit more to post, thank you!!



    0)
    HijackThis v1.99.1
    Scan saved at 00:27:56, on 29.05.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
    C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Programme\TOSHIBA\Tvs\TvsTray.exe
    C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    D:\Programme\Adobe Acrobat\Distillr\Acrotray.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\QuickTime\qttask.exe
    D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
    C:\defender23.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    D:\Hijackthis\HijackThis.exe
    D:\Programme\AntiVir PersonalEdition Classic\sched.exe
    D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    D:\Programme\mozilla\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe Acrobat\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [defender] C:\\defender23.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Programme\Adobe Acrobat\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Programme\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] D:\Hijackthis\HijackThis.exe /startupscan
    O4 - Startup: Registration-Studio 8.lnk = D:\Programme\Pinnacle\Register\RegTool.exe
    O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra button: eBay - {60FF3727-80F3-4181-980F-CE95137B6359} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133536386614
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arsch
    O17 - HKLM\Software\..\Telephony: DomainName = arsch
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6D5282-FB21-40B4-8F2F-6B11A107CC5A}: NameServer = 217.237.151.33,217.237.149.225
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arsch
    O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\j62qlgf5162.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe




    1)SYS.TXT
    Volume in Laufwerk C: hat keine Bezeichnung.
    Volumeseriennummer: 8093-1DB6

    Verzeichnis von C:\

    29.05.2006 00:12 0 sys.txt
    29.05.2006 00:10 11.388 system.txt
    29.05.2006 00:10 5.089 systemtemp.txt
    29.05.2006 00:09 100.901 system32.txt
    28.05.2006 23:20 1.073.201.152 hiberfil.sys
    28.05.2006 23:20 1.610.612.736 pagefile.sys
    28.05.2006 13:39 578.560 warebundle.exe
    28.05.2006 13:39 36.864 defender23.exe
    24.04.2006 22:06 185.659 ptcsetup.log
    04.02.2006 19:45 361.184 ptcsetup.bak
    30.10.2005 23:48 211 boot.ini
    24.08.2005 15:04 237 SWSTAMP.TXT
    17.08.2005 14:44 0 MSDOS.SYS
    17.08.2005 14:44 0 IO.SYS
    17.08.2005 14:44 0 CONFIG.SYS
    17.08.2005 14:44 0 AUTOEXEC.BAT
    04.08.2004 14:00 4.952 bootfont.bin
    04.08.2004 14:00 251.184 ntldr
    04.08.2004 14:00 47.564 NTDETECT.COM
    19 Datei(en) 2.685.397.681 Bytes
    0 Verzeichnis(se), 1.349.750.784 Bytes frei

    Volume in Laufwerk C: hat keine Bezeichnung.
    Volumeseriennummer: 8093-1DB6

    2) Verzeichnis von C:\WINDOWS\system32

    28.05.2006 23:20 235.261 mbd32.dll
    28.05.2006 23:12 234.119 hr4805hue.dll
    28.05.2006 23:12 233.735 io41_qcx.dll
    28.05.2006 23:12 235.261 j62qlgf5162.dll
    28.05.2006 23:06 234.592 mvg4dmod.dll
    28.05.2006 23:02 233.735 uxrfaxa.dll
    28.05.2006 22:59 234.208 msc70u.dll
    28.05.2006 22:48 233.735 TdsCtrl.dll
    28.05.2006 22:43 236.371 cjbjmon.dll
    28.05.2006 22:27 237.257 tNpi3.dll
    28.05.2006 21:58 236.371 nmtfxperf.dll
    28.05.2006 21:16 235.676 swmedia.dll
    28.05.2006 20:28 235.642 wsavusd.dll
    28.05.2006 20:21 234.135 vzwwdm32.dll
    28.05.2006 20:11 235.958 maacm32.dll
    28.05.2006 19:53 234.135 stoolss.dll
    28.05.2006 19:48 235.958 apapi.dll
    28.05.2006 18:36 234.272 omuninst.dll
    22.05.2006 20:54 1.158 wpa.dbl
    04.05.2006 06:26 5.818.784 MRT.exe
    17.04.2006 18:04 34.308 BASSMOD.dll
    17.04.2006 16:33 100 LuResult.txt
    02.04.2006 17:48 380.684 perfh009.dat
    02.04.2006 17:48 53.098 perfc009.dat
    02.04.2006 17:48 391.574 perfh007.dat
    02.04.2006 17:48 63.976 perfc007.dat
    02.04.2006 17:48 898.510 PerfStringBackup.INI
    30.03.2006 11:27 1.495.040 shdocvw.dll
    30.03.2006 03:52 25.600 xpsp3res.dll
    23.03.2006 22:33 3.076.608 mshtml.dll
    18.03.2006 13:07 616.448 urlmon.dll
    17.03.2006 11:11 679.424 inetcomm.dll
    17.03.2006 06:03 8.493.056 shell32.dll
    17.03.2006 02:38 28.672 verclsid.exe
    10.03.2006 06:09 5.533.696 wmp.dll
    07.03.2006 19:01 178.648 FNTCACHE.DAT
    04.03.2006 06:00 669.184 wininet.dll
    04.03.2006 06:00 474.624 shlwapi.dll
    04.03.2006 06:00 532.480 mstime.dll
    04.03.2006 06:00 39.424 pngfilt.dll
    04.03.2006 06:00 146.432 msrating.dll
    04.03.2006 06:00 448.512 mshtmled.dll
    04.03.2006 06:00 251.904 iepeers.dll
    04.03.2006 06:00 96.768 inseng.dll
    04.03.2006 06:00 1.056.256 danim.dll
    04.03.2006 06:00 152.064 cdfview.dll
    04.03.2006 06:00 205.312 dxtrans.dll
    04.03.2006 06:00 55.808 extmgr.dll
    04.03.2006 06:00 1.022.976 browseui.dll
    01.03.2006 21:41 11.776 xolehlp.dll
    01.03.2006 21:41 91.136 mtxoci.dll
    01.03.2006 21:41 66.560 mtxclu.dll
    01.03.2006 21:41 161.280 msdtcuiu.dll
    01.03.2006 21:41 956.416 msdtctm.dll
    01.03.2006
    0
    28.113 Ole2.reg
    2063 Datei(en) 392.596.417 Bytes
    0 Verzeichnis(se), 1.349.701.632 Bytes frei
    Volume in Laufwerk C: hat keine Bezeichnung.
    Volumeseriennummer: 8093-1DB6

    3) Verzeichnis von C:\WINDOWS

    28.05.2006 23:20 0 0.log
    28.05.2006 23:20 159 wiadebug.log
    28.05.2006 23:20 1.907.702 WindowsUpdate.log
    28.05.2006 23:20 50 wiaservc.log
    28.05.2006 23:20 2.048 bootstat.dat
    28.05.2006 23:19 32.542 SchedLgU.Txt
    28.05.2006 23:10 1.707.548 ntbtlog.txt
    28.05.2006 21:06 116 NeroDigital.ini
    28.05.2006 13:39 0 keyboard231.dat
    28.05.2006 13:06 54.156 QTFont.qfn
    24.05.2006 16:40 82.878 wmsetup.log
    17.05.2006 12:11 901.051 setupapi.log
    11.05.2006 09:48 62.144 iis6.log
    11.05.2006 09:48 145.789 comsetup.log
    11.05.2006 09:48 1.374 imsins.log
    11.05.2006 09:48 164.875 tsoc.log
    11.05.2006 09:48 90.084 ntdtcsetup.log
    11.05.2006 09:48 23.363 ocmsn.log
    11.05.2006 09:48 16.193 KB913580.log
    11.05.2006 09:48 224.142 ocgen.log
    11.05.2006 09:48 21.017 msgsocm.log
    11.05.2006 09:48 397.160 FaxSetup.log
    11.05.2006 09:47 27.988 updspapi.log
    26.04.2006 23:17 1.374 imsins.BAK
    26.04.2006 23:17 12.253 KB900485.log
    19.04.2006 20:01 613 cdplayer.ini
    17.04.2006 21:59 1.409 QTFont.for
    16.04.2006 13:37 1.830 spupdsvc.log
    14.04.2006 19:16 15.705 KB908531.log
    14.04.2006 19:16 14.946 KB911562.log
    14.04.2006 19:16 17.382 KB912812.log
    14.04.2006 19:16 26.436 KB911565.log
    14.04.2006 19:15 11.231 KB911567.log
    07.04.2006 13:12 293 nsw.log
    06.03.2006 00:08 221.414 setupact.log
    05.03.2006 20:51 231 system.ini
    05.03.2006 20:47 1.068.844 setuplog.txt
    03.03.2006 20:56 121 GEARInstall.log
    25.02.2006 19:18 145 TRNSYSlite.INI
    18.02.2006 22:38 11.581 KB911927.log
    18.02.2006 22:38 13.247 KB911564.log
    17.02.2006 22:11 6.829 KB913446.log
    17.02.2006 00:39 166 LAUTER.INI
    17.02.2006 00:38 623 win.ini
    02.02.2006 22:12 183.296 NDNuninstall7_22.exe

    221 Datei(en) 68.994.491 Bytes
    0 Verzeichnis(se), 1.349.816.320 Bytes frei

    4) Volume in Laufwerk C: hat keine Bezeichnung.
    Volumeseriennummer: 8093-1DB6

    Verzeichnis von C:\DOKUME~1\icke\LOKALE~1\Temp

    28.05.2006 23:20 16.384 ~DF362A.tmp
    24.05.2006 16:40 717 control.xml
    22.05.2006 23:52 59.964 Adobelm_Cleanup.0001
    19.05.2006 22:54 0 NER14.tmp
    19.05.2006 22:52 0 TempCover2
    19.05.2006 01:06 0 ptd1F.tmp
    30.04.2006 06:58 0 aaxE.tmp
    25.04.2006 21:51 512 ~DF6616.tmp
    25.04.2006 21:51 16.384 3
    24.04.2006 21:23 689 tools_attach.gif
    23.04.2006 20:04 24.994 .gif
    23.04.2006 15:52 0 tb49B.tmp
    23.04.2006 15:51 0 jsb9A.tmp
    19.04.2006 00:16 0 tsj23.tmp
    19.04.2006 00:13 0 uk322.tmp
    19.04.2006 00:12 0 yg721.tmp
    19.04.2006 00:12 0 hr020.tmp
    19.04.2006 00:08 0 wsg1F.tmp
    19.04.2006 00:07 0 0in1E.tmp
    18.04.2006 23:55 416 java_install_reg.log
    17.04.2006 22:00 0 f3p1E2.tmp
    17.04.2006 21:45 0 rc81E1.tmp
    17.04.2006 21:43 0 xwt1E0.tmp
    17.04.2006 21:38 0 z491DF.tmp
    17.04.2006 21:36 0 w2e1DE.tmp
    17.04.2006 21:33 0 57q1DD.tmp
    17.04.2006 21:29 0 h401DC.tmp
    17.04.2006 21:26 0 24x1DB.tmp
    17.04.2006 21:19 72.192 ~e5.0001
    17.04.2006 20:11 56 ravi-3.ram
    17.04.2006 19:53 56 ravi-2.ram
    17.04.2006 19:43 127 ravi-1.ram
    17.04.2006 19:29 127 ravi.ram
    17.04.2006 18:11 1.476.861 tem97.swf
    17.04.2006 18:05 879.088 tem95.swf
    17.04.2006 16:35 6.736.070 Norton Internet Security 4-17-2006 16h32m1s.log
    17.04.2006 16:35 3.287 LSInstall.log
    17.04.2006 16:35 2.515 SNDunin.log
    17.04.2006 16:34 1.870 IDSinst.LOG
    17.04.2006 16:34 89.900 symcprop.dat
    17.04.2006 16:32 124 AVRES_OPTRF_LiveUpdate.dat
    17.04.2006 15:52 370 MSIcfde2.LOG
    08.04.2006 17:32 797.676 IMT47.xml
    08.04.2006 17:32 426 IMT46.xml
    08.04.2006 17:32 2.036 IMT45.xml
    08.04.2006 17:31 1.022 IMT44.dtd
    08.04.2006 17:31 2.794.308 IMT43.xml
    08.04.2006 17:30 797.676 IMT42.xml
    08.04.2006 17:30 426 IMT41.xml
    08.04.2006 17:30 2.036 IMT40.xml
    08.04.2006 17:30 797.676 IMT3E.xml
    08.04.2006 17:30 426 IMT3D.xml
    08.04.2006 17:30 2.036 IMT3C.xml
    08.04.2006 17:03 797.676 IMT17.xml
    08.04.2006 17:03 426 IMT16.xml
    08.04.2006 17:03 2.036 IMT15.xml
    07.04.2006 13:46 797.676 IMT22.xml
    07.04.2006 13:46 426 IMT21.xml
    07.04.2006 13:46 2.036 IMT20.xml
    07.04.2006 13:46 797.676 IMT1F.xml
    07.04.2006 13:46 426 IMT1E.xml
    07.04.2006 13:46 2.036 IMT1D.xml
    07.04.2006 13:29 1.022 IMT2A.dtd
    07.04.2006 13:29 2.794.308 IMT29.xml
    07.04.2006 13:25 797.676 IMT28.xml
    07.04.2006 13:25 426 IMT27.xml
    07.04.2006 13:25 2.036 IMT26.xml
    06.04.2006 18:54 3.072 TEMP6626.cdx
    06.04.2006 18:54 337 TEMP6626.dbf
    06.04.2006 18:54 337 TEMP7887.dbf
    06.04.2006 18:54 3.072 TEMP7887.cdx
    06.04.2006 18:54 337 TEMP8269.dbf
    06.04.2006 18:54 3.072 TEMP8269.cdx
    06.04.2006 18:54 337 TEMP8219.dbf
    06.04.2006 18:54 3.072 TEMP8219.cdx
    06.04.2006 18:54 337 TEMP0127.dbf
    06.04.2006 18:54 3.072 TEMP0127.cdx
    24.03.2006 00:01 701 TWAIN.LOG
    24.03.2006 00:01 2 Twain001.Mtx
    24.03.2006 00:01 156 Twunk001.MTX
    24.03.2006 00:01 0 Twunk002.MTX
    21.03.2006 23:27 118 wecerr.txt
    20.03.2006 00:38 16.384 5
    19.03.2006 23:15 16.384 2
    18.03.2006 13:20 0 kav10.tmp
    17.03.2006 02:54 0 4vh1E.tmp
    17.03.2006 02:53 0 9zr1D.tmp
    17.03.2006 02:17 0 gwo16.tmp
    17.03.2006 02:16 0 i1a15.tmp
    17.03.2006 02:15 0 s1f14.tmp
    13.03.2006 12:12 0 ovx56.tmp
    13.03.2006 02:54 0 dna45.tmp
    13.03.2006 02:53 0 9fy44.tmp
    05.03.2006 11:14 348 MSIb98fe.LOG
    05.03.2006 11:10 743 ~1F.tmp
    01.03.2006 16:30 122 8A56EAB7.TMP
    09.01.2006 22:28 50.224 filelist.txt
    27.12.2005 21:05 783.360 14d6e21.mst
    04.11.2005 07:52 344.064 eauninstall.exe
    08.12.2003 16:01 487.424 43gcjvgahnu44.ths
    100 Datei(en) 22.291.404 Bytes
    0 Verzeichnis(se), 1.349.812.224 Bytes frei
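
A triage sketch for logs like the ones posted above, as an added example that is not part of any post in this thread: it parses HijackThis result lines and a German-locale `dir` listing, flags Run entries that start an executable from a drive root, and checks whether an O20 Winlogon Notify DLL belongs to a group of same-day DLLs of nearly identical size. The rules, thresholds and function names are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\j62qlgf5162.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed sample: lines copied from the system32 directory listing in this thread.
DIR_SAMPLE = """
28.05.2006 23:20 235.261 mbd32.dll
28.05.2006 23:12 234.119 hr4805hue.dll
28.05.2006 23:12 233.735 io41_qcx.dll
28.05.2006 23:12 235.261 j62qlgf5162.dll
28.05.2006 22:27 237.257 tNpi3.dll
22.05.2006 20:54 1.158 wpa.dbl
04.05.2006 06:26 5.818.784 MRT.exe
30.03.2006 11:27 1.495.040 shdocvw.dll
04.03.2006 06:00 669.184 wininet.dll
04.03.2006 06:00 474.624 shlwapi.dll
04.03.2006 06:00 532.480 mstime.dll
04.03.2006 06:00 39.424 pngfilt.dll
"""

HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) \d{2}:\d{2} ([\d.]+) (.+)$")
ROOT_EXE = re.compile(r"[A-Za-z]:\\[^\\]+")  # file directly in a drive root


def parse_hjt(text):
    """Return (section code, rest of line) for every HijackThis result line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_dir(text):
    """Return (date, size in bytes, name); German dir output uses '.' as thousands separator."""
    rows = []
    for line in text.splitlines():
        m = DIR_LINE.match(line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2).replace(".", "")), m.group(3)))
    return rows


def exe_path(cmd):
    """Extract the program path from a Run command line and collapse doubled backslashes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:exe|dll))", cmd, re.I)
        path = m.group(1) if m else cmd
    return re.sub(r"\\{2,}", r"\\", path)


def size_clusters(rows, min_files=4, tolerance=0.02):
    """Per date, find the largest group of DLLs whose sizes lie within `tolerance` of each other."""
    by_date = defaultdict(list)
    for date, size, name in rows:
        if name.lower().endswith(".dll"):
            by_date[date].append((size, name))
    clusters = {}
    for date, files in by_date.items():
        files.sort()
        best = []
        for i, (low, _) in enumerate(files):
            group = [n for s, n in files[i:] if s <= low * (1 + tolerance)]
            if len(group) > len(best):
                best = group
        if len(best) >= min_files:
            clusters[date] = best
    return clusters


def triage(hjt_text, dir_text):
    """Return (findings, clusters); findings are (section, target, reason) tuples for review."""
    clusters = size_clusters(parse_dir(dir_text))
    clustered = {n.lower() for names in clusters.values() for n in names}
    findings = []
    for code, body in parse_hjt(hjt_text):
        if code == "O4":
            m = re.search(r"\[(.*?)\]\s+(.+)", body)
            if m and ROOT_EXE.fullmatch(exe_path(m.group(2))):
                findings.append((code, exe_path(m.group(2)), "autorun from drive root"))
        elif code == "O20":
            dll = body.rsplit(" - ", 1)[-1]
            reason = "Winlogon Notify DLL"
            if ntpath.basename(dll).lower() in clustered:
                reason += " in same-day size cluster"
            findings.append((code, dll, reason))
    return findings, clusters


if __name__ == "__main__":
    found, groups = triage(HJT_SAMPLE, DIR_SAMPLE)
    for code, target, reason in found:
        print(f"{code}: {target} -> {reason}")
    for date, names in groups.items():
        print(f"{date}: {len(names)} DLLs of near-identical size: {', '.join(names)}")
```
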

  4. #4
    Honorary member Speedy
    Registered since
    07.08.2004
    Location
    Linz
    Posts
    23.583

    Re: Pop-up is incredibly annoying!

    Hi, question: are you a regular in various forums that keep cleaning up your machine??

    Download CCleaner, install it, start it -> under Options, Settings -> set German; then under Settings, Advanced, deactivate the following --> older than 48h..... ! Now clean your system with CCleaner (Windows, Applications, Registry) (quick tour and screenshots), check the temp folders, empty them in safe mode if necessary, and empty the recycle bin.

    Use the SmitfraudFix remover following these instructions (and download); post the log file after each scan.

    • Caution: do not use any file from the folder c:\look2mefix unless asked to!
    • Create a new folder --> c:\look2mefix
    • Download l2mfix.exe (look2me-fix).
    • Unpack the tool into the folder you just created.
    • In that folder, select the file l2mfix.bat and open it with a double-click.
    • A DOS window opens; wait until nothing changes any more and then press any key.
    • Press 1 when the selection menu appears. The system is scanned and a log file is created; please post it, then close the program.
    • Start the program again, close all other programs and now choose 2; the computer is now cleaned of this malware and restarted. Post this log file.
    • Start the program one last time, now choose 4, and post this log file as well.


    Switch to Windows safe mode: switch on the PC, wait until the message "windows wird gestartet..." ("Starting Windows...") appears on the screen, then immediately press the [F8] key. A start menu in text mode appears. Select "abgesichert" or "abgesicherter modus" (safe mode) here and confirm with the [Enter] key (win95, win98/ME, win2000, winxp), and fix the following entries with HijackThis:

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arsch
    O17 - HKLM\Software\..\Telephony: DomainName = arsch
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arsch
    O4 - HKLM\..\Run: [defender] C:\\defender23.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    If the internet connection no longer works after fixing the O17 entries, then start HijackThis -> open the misc tools section -> backups -> select the desired entry and press the restore button; the fixed entry should then be active again. A restart may be necessary.

    Restart -> create and post new log files from datfindbat (the 4 of them) and a current one from HJT.
    Regards

  5. #5
    Beginner
    Registered since
    28.05.2006
    Posts
    4

    Re: Pop-up is incredibly annoying!

    No, not really, why? I have actually always tried it on my own, but today I am really out of my depth, and so are my usual antivirus programs!
    But thanks!

  6. #6
    Beginner
    Registered since
    28.05.2006
    Posts
    4

    Re: Pop-up is incredibly annoying!

    So, done, and it seems to have worked; I was able to write this text the whole time without being interrupted.
    Thanks again; that really was a first for me in terms of extensive forum help. It's worth a donation to me too (give me a tip!!), to your forum or to the programmers responsible for the programs. Hopefully they are not the same people who are responsible for these annoying trojans and viruses.

    But 1000 thanks to you once more, and I'm off to sleep now with my mind at ease.
    I also learned a lot again in the jumble of the registries and their relatives !-)

    Here are the remaining logs in sequence anyway, in case they are still of interest.


    Registry processed with CCleaner, all temp folders empty


    Log before cleaning with
    SmitFraudFix v2.49b

    Scan done at 1:19:20,31, 29.05.2006
    Run from D:\reinigung\Smitfraudfix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    C:\defender??.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\icke\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\icke\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Die derzeitige Homepage"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
    --------------------------------------------------------------------------------



    Afterwards:
    SmitFraudFix v2.49b

    Scan done at 1:33:05,85, 29.05.2006
    Run from D:\reinigung\Smitfraudfix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\icke\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\icke\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Die derzeitige Homepage"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

    Problem still there





    -----------------------------------------------------------------------------------
    Then:
    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\i024lafq1d2e.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{38C26E84-3636-097B-172C-9D22282C547A}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
    @="MSN Desktop Search Outlook Express ISearchFolder Class"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\omuninst.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{4721F136-88BE-41BA-8172-E92B064D33E5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4721F136-88BE-41BA-8172-E92B064D33E5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4721F136-88BE-41BA-8172-E92B064D33E5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4721F136-88BE-41BA-8172-E92B064D33E5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\stoolss.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}\InprocServer32]
    @="C:\\WINDOWS\\system32\\maacm32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6BFDAEF7-241C-452A-8041-49E75536F21E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6BFDAEF7-241C-452A-8041-49E75536F21E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6BFDAEF7-241C-452A-8041-49E75536F21E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6BFDAEF7-241C-452A-8041-49E75536F21E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ali2evxx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wsavusd.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EBD3D935-B4D7-4062-9EAB-40E90191A932}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EBD3D935-B4D7-4062-9EAB-40E90191A932}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EBD3D935-B4D7-4062-9EAB-40E90191A932}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EBD3D935-B4D7-4062-9EAB-40E90191A932}\InprocServer32]
    @="C:\\WINDOWS\\system32\\swmedia.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nmtfxperf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{03D5790A-46E1-4172-9C81-D46FF6642553}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{03D5790A-46E1-4172-9C81-D46FF6642553}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{03D5790A-46E1-4172-9C81-D46FF6642553}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{03D5790A-46E1-4172-9C81-D46FF6642553}\InprocServer32]
    @="C:\\WINDOWS\\system32\\TdsCtrl.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\msc70u.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uxrfaxa.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}\InprocServer32]
    @="C:\\WINDOWS\\system32\\io41_qcx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\TTtrlIO.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{60B85339-D5B4-432B-9E5C-8A286C402E57}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{60B85339-D5B4-432B-9E5C-8A286C402E57}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{60B85339-D5B4-432B-9E5C-8A286C402E57}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{60B85339-D5B4-432B-9E5C-8A286C402E57}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ikgutil.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8A180DF0-4998-4843-BD9A-CAE709A7B943}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A180DF0-4998-4843-BD9A-CAE709A7B943}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A180DF0-4998-4843-BD9A-CAE709A7B943}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8A180DF0-4998-4843-BD9A-CAE709A7B943}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ajicap32.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    ajicap32.dll Mon 29 May 2006 1:30:36 ..S.R 234.994 229,48 K
    ali2evxx.dll Mon 29 May 2006 1:23:28 ..S.R 235.860 230,33 K
    apapi.dll Sun 28 May 2006 19:48:02 ..S.R 235.958 230,43 K
    bassmod.dll Mon 17 Apr 2006 18:04:12 A.... 34.308 33,50 K
    browseui.dll Sat 4 Mar 2006 6:00:14 A.... 1.022.976 999,00 K
    cdfview.dll Sat 4 Mar 2006 6:00:16 A.... 152.064 148,50 K
    cjbjmon.dll Sun 28 May 2006 22:43:06 ..S.R 236.371 230,83 K
    danim.dll Sat 4 Mar 2006 6:00:16 A.... 1.056.256 1,00 M
    dxtrans.dll Sat 4 Mar 2006 6:00:16 A.... 205.312 200,50 K
    extmgr.dll Sat 4 Mar 2006 6:00:16 A.... 55.808 54,50 K
    hr0805~1.dll Mon 29 May 2006 1:30:36 ..S.R 235.799 230,27 K
    i024la~1.dll Mon 29 May 2006 1:20:16 ..S.R 234.994 229,48 K
    iepeers.dll Sat 4 Mar 2006 6:00:16 A.... 251.904 246,00 K
    ikgutil.dll Mon 29 May 2006 1:11:16 ..S.R 234.994 229,48 K
    inetcomm.dll Fri 17 Mar 2006 11:11:30 A.... 679.424 663,50 K
    inseng.dll Sat 4 Mar 2006 6:00:16 A.... 96.768 94,50 K
    io41_qcx.dll Sun 28 May 2006 23:12:34 ..S.R 233.735 228,25 K
    maacm32.dll Sun 28 May 2006 20:11:58 ..S.R 235.958 230,43 K
    msc70u.dll Sun 28 May 2006 22:59:32 ..S.R 234.208 228,72 K
    msdtcprx.dll Wed 1 Mar 2006 21:41:36 A.... 426.496 416,50 K
    msdtctm.dll Wed 1 Mar 2006 21:41:36 A.... 956.416 934,00 K
    msdtcuiu.dll Wed 1 Mar 2006 21:41:36 A.... 161.280 157,50 K
    mshtml.dll Thu 23 Mar 2006 22:33:48 A.... 3.076.608 2,93 M
    mshtmled.dll Sat 4 Mar 2006 6:00:18 A.... 448.512 438,00 K
    msrating.dll Sat 4 Mar 2006 6:00:18 A.... 146.432 143,00 K
    mstime.dll Sat 4 Mar 2006 6:00:20 A.... 532.480 520,00 K
    mtxclu.dll Wed 1 Mar 2006 21:41:36 A.... 66.560 65,00 K
    mtxoci.dll Wed 1 Mar 2006 21:41:36 A.... 91.136 89,00 K
    mvg4dmod.dll Sun 28 May 2006 23:06:48 ..S.R 234.592 229,09 K
    nmtfxp~1.dll Sun 28 May 2006 21:58:16 ..S.R 236.371 230,83 K
    omuninst.dll Sun 28 May 2006 18:37:00 ..S.R 234.272 228,78 K
    pngfilt.dll Sat 4 Mar 2006 6:00:20 A.... 39.424 38,50 K
    shdocvw.dll Thu 30 Mar 2006 11:27:18 A.... 1.495.040 1,43 M
    shell32.dll Fri 17 Mar 2006 6:03:36 A.... 8.493.056 8,10 M
    shlwapi.dll Sat 4 Mar 2006 6:00:20 A.... 474.624 463,50 K
    stoolss.dll Sun 28 May 2006 19:53:24 ..S.R 234.135 228,64 K
    swmedia.dll Sun 28 May 2006 21:16:06 ..S.R 235.676 230,15 K
    tdsctrl.dll Sun 28 May 2006 22:48:30 ..S.R 233.735 228,25 K
    tnpi3.dll Sun 28 May 2006 22:27:24 ..S.R 237.257 231,70 K
    tttrlio.dll Mon 29 May 2006 1:08:10 ..S.R 234.119 228,63 K
    urlmon.dll Sat 18 Mar 2006 13:07:50 A.... 616.448 602,00 K
    uxrfaxa.dll Sun 28 May 2006 23:02:36 ..S.R 233.735 228,25 K
    vzwwdm32.dll Sun 28 May 2006 20:21:46 ..S.R 234.135 228,64 K
    wininet.dll Sat 4 Mar 2006 6:00:22 A.... 669.184 653,50 K
    wmp.dll Fri 10 Mar 2006 6:09:14 A.... 5.533.696 5,28 M
    wsavusd.dll Sun 28 May 2006 20:28:52 ..S.R 235.642 230,12 K
    xolehlp.dll Wed 1 Mar 2006 21:41:36 A.... 11.776 11,50 K
    xpsp3res.dll Thu 30 Mar 2006 3:52:08 A.... 25.600 25,00 K

    48 items found: 48 files (21 H/S), 0 directories.
    Total of file sizes: 31.756.128 bytes 30,28 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Mon 29 May 2006 1:30:48 A.... 236.590 231,04 K

    1 item found: 1 file, 0 directories.
    Total of file sizes: 236.590 bytes 231,04 K
    **********************************************************************************
    Directory Listing of system files:
    Volume in Laufwerk C: hat keine Bezeichnung.
    Volumeseriennummer: 8093-1DB6

    Verzeichnis von C:\WINDOWS\System32

    29.05.2006 01:30 234.994 ajicap32.dll
    29.05.2006 01:30 235.799 hr0805due.dll
    29.05.2006 01:23 235.860 ali2evxx.dll
    29.05.2006 01:20 234.994 i024lafq1d2e.dll
    29.05.2006 01:11 234.994 ikgutil.dll
    29.05.2006 01:08 234.119 TTtrlIO.dll
    28.05.2006 23:12 233.735 io41_qcx.dll
    28.05.2006 23:06 234.592 mvg4dmod.dll
    28.05.2006 23:02 233.735 uxrfaxa.dll
    28.05.2006 22:59 234.208 msc70u.dll
    28.05.2006 22:48 233.735 TdsCtrl.dll
    28.05.2006 22:43 236.371 cjbjmon.dll
    28.05.2006 22:27 237.257 tNpi3.dll
    28.05.2006 21:58 236.371 nmtfxperf.dll
    28.05.2006 21:16 235.676 swmedia.dll
    28.05.2006 20:28 235.642 wsavusd.dll
    28.05.2006 20:21 234.135 vzwwdm32.dll
    28.05.2006 20:11 235.958 maacm32.dll
    28.05.2006 19:53 234.135 stoolss.dll
    28.05.2006 19:48 235.958 apapi.dll
    28.05.2006 18:36 234.272 omuninst.dll
    19.12.2005 14:43 <DIR> dllcache
    17.08.2005 14:47 <DIR> Microsoft
    21 Datei(en) 4.936.540 Bytes
    2 Verzeichnis(se), 1.394.933.760 Bytes frei

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001







    ------------------------------------------------------------------------------
    L2Mfix 1.03

    Running From:
    C:\look2mefix\l2mfix



    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER



    Setting registry permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry


    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- VORDEFINIERT\Administratoren
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER



    Setting up for Reboot


    Starting Reboot!

    C:\look2mefix\l2mfix
    System Rebooted!

    Running From:
    C:\look2mefix\l2mfix

    killing explorer and rundll32.exe

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1712 'explorer.exe'

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Error, Cannot find a process with an image name of rundll32.exe

    Scanning First Pass. Please Wait!

    First Pass Completed

    Second Pass Scanning

    Second pass Completed!
    Backing Up: C:\WINDOWS\system32\ajicap32.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\ali2evxx.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\apapi.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\cjbjmon.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\hr0805due.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\ikgutil.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\io41_qcx.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\maacm32.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\msc70u.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\mvg4dmod.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\nmtfxperf.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\omuninst.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\stoolss.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\swmedia.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\TdsCtrl.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\tNpi3.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\TTtrlIO.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\uxrfaxa.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\vzwwdm32.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\wsavusd.dll
    1 Datei(en) kopiert.
    Backing Up: C:\WINDOWS\system32\guard.tmp
    1 Datei(en) kopiert.
    deleting: C:\WINDOWS\system32\ajicap32.dll
    Successfully Deleted: C:\WINDOWS\system32\ajicap32.dll
    deleting: C:\WINDOWS\system32\ali2evxx.dll
    Successfully Deleted: C:\WINDOWS\system32\ali2evxx.dll
    deleting: C:\WINDOWS\system32\apapi.dll
    Successfully Deleted: C:\WINDOWS\system32\apapi.dll
    deleting: C:\WINDOWS\system32\cjbjmon.dll
    Successfully Deleted: C:\WINDOWS\system32\cjbjmon.dll
    deleting: C:\WINDOWS\system32\hr0805due.dll
    Successfully Deleted: C:\WINDOWS\system32\hr0805due.dll
    deleting: C:\WINDOWS\system32\ikgutil.dll
    Successfully Deleted: C:\WINDOWS\system32\ikgutil.dll
    deleting: C:\WINDOWS\system32\io41_qcx.dll
    Successfully Deleted: C:\WINDOWS\system32\io41_qcx.dll
    deleting: C:\WINDOWS\system32\maacm32.dll
    Successfully Deleted: C:\WINDOWS\system32\maacm32.dll
    deleting: C:\WINDOWS\system32\msc70u.dll
    Successfully Deleted: C:\WINDOWS\system32\msc70u.dll
    deleting: C:\WINDOWS\system32\mvg4dmod.dll
    Successfully Deleted: C:\WINDOWS\system32\mvg4dmod.dll
    deleting: C:\WINDOWS\system32\nmtfxperf.dll
    Successfully Deleted: C:\WINDOWS\system32\nmtfxperf.dll
    deleting: C:\WINDOWS\system32\omuninst.dll
    Successfully Deleted: C:\WINDOWS\system32\omuninst.dll
    deleting: C:\WINDOWS\system32\stoolss.dll
    Successfully Deleted: C:\WINDOWS\system32\stoolss.dll
    deleting: C:\WINDOWS\system32\swmedia.dll
    Successfully Deleted: C:\WINDOWS\system32\swmedia.dll
    deleting: C:\WINDOWS\system32\TdsCtrl.dll
    Successfully Deleted: C:\WINDOWS\system32\TdsCtrl.dll
    deleting: C:\WINDOWS\system32\tNpi3.dll
    Successfully Deleted: C:\WINDOWS\system32\tNpi3.dll
    deleting: C:\WINDOWS\system32\TTtrlIO.dll
    Successfully Deleted: C:\WINDOWS\system32\TTtrlIO.dll
    deleting: C:\WINDOWS\system32\uxrfaxa.dll
    Successfully Deleted: C:\WINDOWS\system32\uxrfaxa.dll
    deleting: C:\WINDOWS\system32\vzwwdm32.dll
    Successfully Deleted: C:\WINDOWS\system32\vzwwdm32.dll
    deleting: C:\WINDOWS\system32\wsavusd.dll
    Successfully Deleted: C:\WINDOWS\system32\wsavusd.dll
    deleting: C:\WINDOWS\system32\guard.tmp
    Successfully Deleted: C:\WINDOWS\system32\guard.tmp


    Zipping up files for submission:
    adding: ajicap32.dll (188 bytes security) (deflated 5%)
    adding: ali2evxx.dll (188 bytes security) (deflated 5%)
    adding: apapi.dll (188 bytes security) (deflated 5%)
    adding: cjbjmon.dll (188 bytes security) (deflated 5%)
    adding: hr0805due.dll (188 bytes security) (deflated 5%)
    adding: ikgutil.dll (188 bytes security) (deflated 5%)
    adding: io41_qcx.dll (188 bytes security) (deflated 4%)
    adding: maacm32.dll (188 bytes security) (deflated 5%)
    adding: msc70u.dll (188 bytes security) (deflated 4%)
    adding: mvg4dmod.dll (188 bytes security) (deflated 5%)
    adding: nmtfxperf.dll (188 bytes security) (deflated 5%)
    adding: omuninst.dll (188 bytes security) (deflated 4%)
    adding: stoolss.dll (188 bytes security) (deflated 4%)
    adding: swmedia.dll (188 bytes security) (deflated 5%)
    adding: TdsCtrl.dll (188 bytes security) (deflated 4%)
    adding: tNpi3.dll (188 bytes security) (deflated 6%)
    adding: TTtrlIO.dll (188 bytes security) (deflated 4%)
    adding: uxrfaxa.dll (188 bytes security) (deflated 4%)
    adding: vzwwdm32.dll (188 bytes security) (deflated 4%)
    adding: wsavusd.dll (188 bytes security) (deflated 5%)
    adding: guard.tmp (188 bytes security) (deflated 5%)
    adding: clear.reg (188 bytes security) (deflated 67%)
    adding: echo.reg (188 bytes security) (deflated 9%)
    adding: direct.txt (188 bytes security) (stored 0%)
    adding: lo2.txt (188 bytes security) (deflated 83%)
    adding: readme.txt (188 bytes security) (deflated 49%)
    adding: report1.txt (188 bytes security) (deflated 70%)
    adding: test.txt (188 bytes security) (deflated 79%)
    adding: test2.txt (188 bytes security) (deflated 47%)
    adding: test3.txt (188 bytes security) (deflated 47%)
    adding: test5.txt (188 bytes security) (deflated 47%)
    adding: xfind.txt (188 bytes security) (deflated 73%)
    adding: backregs/03D5790A-46E1-4172-9C81-D46FF6642553.reg (188 bytes security) (deflated 70%)
    adding: backregs/0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8.reg (188 bytes security) (deflated 70%)
    adding: backregs/10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80.reg (188 bytes security) (deflated 70%)
    adding: backregs/19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90.reg (188 bytes security) (deflated 70%)
    adding: backregs/25BB370B-7EC8-40DF-A4D1-0D525E94BE68.reg (188 bytes security) (deflated 70%)
    adding: backregs/289DA15E-ED2C-4CE6-B958-DB273E3C57DB.reg (188 bytes security) (deflated 70%)
    adding: backregs/44FC89FB-77CB-4D22-8E4B-D519DDB837D0.reg (188 bytes security) (deflated 70%)
    adding: backregs/4721F136-88BE-41BA-8172-E92B064D33E5.reg (188 bytes security) (deflated 70%)
    adding: backregs/4F27EB0D-7309-499B-B0B9-05E0E9AF7832.reg (188 bytes security) (deflated 70%)
    adding: backregs/60B85339-D5B4-432B-9E5C-8A286C402E57.reg (188 bytes security) (deflated 70%)
    adding: backregs/6BFDAEF7-241C-452A-8041-49E75536F21E.reg (188 bytes security) (deflated 70%)
    adding: backregs/8A180DF0-4998-4843-BD9A-CAE709A7B943.reg (188 bytes security) (deflated 70%)
    adding: backregs/EBD3D935-B4D7-4062-9EAB-40E90191A932.reg (188 bytes security) (deflated 70%)
    adding: backregs/FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1.reg (188 bytes security) (deflated 70%)
    adding: backregs/shell.reg (188 bytes security) (deflated 72%)

    Restoring Registry Permissions:


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!


    Revoking access for predefined group "Administrators"
    Inherited ACE can not be revoked here!
    Inherited ACE can not be revoked here!


    Registry permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-NI) ALLOW Read VORDEFINIERT\Benutzer
    (ID-IO) ALLOW Read VORDEFINIERT\Benutzer
    (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
    (ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
    (ID-IO) ALLOW Full access ERSTELLER-BESITZER


    Restoring Sedebugprivilege:

    Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

    deleting local copy: ajicap32.dll
    deleting local copy: ali2evxx.dll
    deleting local copy: apapi.dll
    deleting local copy: cjbjmon.dll
    deleting local copy: hr0805due.dll
    deleting local copy: ikgutil.dll
    deleting local copy: io41_qcx.dll
    deleting local copy: maacm32.dll
    deleting local copy: msc70u.dll
    deleting local copy: mvg4dmod.dll
    deleting local copy: nmtfxperf.dll
    deleting local copy: omuninst.dll
    deleting local copy: stoolss.dll
    deleting local copy: swmedia.dll
    deleting local copy: TdsCtrl.dll
    deleting local copy: tNpi3.dll
    deleting local copy: TTtrlIO.dll
    deleting local copy: uxrfaxa.dll
    deleting local copy: vzwwdm32.dll
    deleting local copy: wsavusd.dll
    deleting local copy: guard.tmp

    The following Is the Current Export of the Winlogon notify key:
    ****************************************************************************
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    "DLLName"="Ati2evxx.dll"
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000001
    "Lock"="AtiLockEvent"
    "Logoff"="AtiLogoffEvent"
    "Logon"="AtiLogonEvent"
    "Disconnect"="AtiDisConnectEvent"
    "Reconnect"="AtiReConnectEvent"
    "Safe"=dword:00000000
    "Shutdown"="AtiShutdownEvent"
    "StartScreenSaver"="AtiStartScreenSaverEvent"
    "StartShell"="AtiStartShellEvent"
    "Startup"="AtiStartupEvent"
    "StopScreenSaver"="AtiStopScreenSaverEvent"
    "Unlock"="AtiUnLockEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    The following are the files found:
    ****************************************************************************
    C:\WINDOWS\system32\ajicap32.dll
    C:\WINDOWS\system32\ali2evxx.dll
    C:\WINDOWS\system32\apapi.dll
    C:\WINDOWS\system32\cjbjmon.dll
    C:\WINDOWS\system32\hr0805due.dll
    C:\WINDOWS\system32\ikgutil.dll
    C:\WINDOWS\system32\io41_qcx.dll
    C:\WINDOWS\system32\maacm32.dll
    C:\WINDOWS\system32\msc70u.dll
    C:\WINDOWS\system32\mvg4dmod.dll
    C:\WINDOWS\system32\nmtfxperf.dll
    C:\WINDOWS\system32\omuninst.dll
    C:\WINDOWS\system32\stoolss.dll
    C:\WINDOWS\system32\swmedia.dll
    C:\WINDOWS\system32\TdsCtrl.dll
    C:\WINDOWS\system32\tNpi3.dll
    C:\WINDOWS\system32\TTtrlIO.dll
    C:\WINDOWS\system32\uxrfaxa.dll
    C:\WINDOWS\system32\vzwwdm32.dll
    C:\WINDOWS\system32\wsavusd.dll
    C:\WINDOWS\system32\guard.tmp

    Registry Entries that were Deleted:
    Please verify that the listing looks ok.
    If there was something deleted wrongly there are backups in the backreg folder.
    ****************************************************************************
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}"=-
    "{4721F136-88BE-41BA-8172-E92B064D33E5}"=-
    "{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}"=-
    "{6BFDAEF7-241C-452A-8041-49E75536F21E}"=-
    "{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}"=-
    "{EBD3D935-B4D7-4062-9EAB-40E90191A932}"=-
    "{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}"=-
    "{03D5790A-46E1-4172-9C81-D46FF6642553}"=-
    "{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}"=-
    "{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}"=-
    "{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}"=-
    "{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}"=-
    "{60B85339-D5B4-432B-9E5C-8A286C402E57}"=-
    "{8A180DF0-4998-4843-BD9A-CAE709A7B943}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{44FC89FB-77CB-4D22-8E4B-D519DDB837D0}]
    [-HKEY_CLASSES_ROOT\CLSID\{4721F136-88BE-41BA-8172-E92B064D33E5}]
    [-HKEY_CLASSES_ROOT\CLSID\{4F27EB0D-7309-499B-B0B9-05E0E9AF7832}]
    [-HKEY_CLASSES_ROOT\CLSID\{6BFDAEF7-241C-452A-8041-49E75536F21E}]
    [-HKEY_CLASSES_ROOT\CLSID\{289DA15E-ED2C-4CE6-B958-DB273E3C57DB}]
    [-HKEY_CLASSES_ROOT\CLSID\{EBD3D935-B4D7-4062-9EAB-40E90191A932}]
    [-HKEY_CLASSES_ROOT\CLSID\{10CF5D63-0AD2-40B7-B3BB-813B2CF5DF80}]
    [-HKEY_CLASSES_ROOT\CLSID\{03D5790A-46E1-4172-9C81-D46FF6642553}]
    [-HKEY_CLASSES_ROOT\CLSID\{FBD0B2A4-B797-4397-A00E-0CC40C5DF7B1}]
    [-HKEY_CLASSES_ROOT\CLSID\{25BB370B-7EC8-40DF-A4D1-0D525E94BE68}]
    [-HKEY_CLASSES_ROOT\CLSID\{19BC62FE-EDD7-48E0-9F5E-B69D6A95ED90}]
    [-HKEY_CLASSES_ROOT\CLSID\{0C5AF9CD-CAA9-4B56-90DB-1A5DAEC190B8}]
    [-HKEY_CLASSES_ROOT\CLSID\{60B85339-D5B4-432B-9E5C-8A286C402E57}]
    [-HKEY_CLASSES_ROOT\CLSID\{8A180DF0-4998-4843-BD9A-CAE709A7B943}]
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""
    ****************************************************************************
    Desktop.ini Contents:
    ****************************************************************************
    ****************************************************************************
    



    -------------------------------------------------------------------------------
    And finally, one more:


    Logfile of HijackThis v1.99.1
    Scan saved at 02:05:35, on 29.05.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
    C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Programme\TOSHIBA\Tvs\TvsTray.exe
    C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\TPSBattM.exe
    D:\Programme\Adobe Acrobat\Distillr\Acrotray.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\QuickTime\qttask.exe
    D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    D:\Hijackthis\HijackThis.exe
    D:\Programme\AntiVir PersonalEdition Classic\sched.exe
    D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

    O3 - Toolbar: MSN Suche Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe Acrobat\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Programme\Adobe Acrobat\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
    O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Programme\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] D:\Hijackthis\HijackThis.exe /startupscan
    O4 - Startup: Registration-Studio 8.lnk = D:\Programme\Pinnacle\Register\RegTool.exe
    O8 - Extra context menu item: &MSN Suche - res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de-de\msntb.dll/search.htm
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/229?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de-de\msntabres.dll/230?b223ba357aad4e338c7a6c8214794e79
    O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe Acrobat\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra button: eBay - {60FF3727-80F3-4181-980F-CE95137B6359} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133536386614
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arsch
    O17 - HKLM\Software\..\Telephony: DomainName = arsch
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6D5282-FB21-40B4-8F2F-6B11A107CC5A}: NameServer = 217.237.151.33,217.237.149.225
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arsch
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    Last edited by kloppek (29.05.2006 at 02:37)
