Hallo, kann mir vielleicht jemand helfen. Komme mit den Tips von bisher nicht zurecht. Ich poste mal alle Logfiles und bin für jeden Tip dankbar!
---------
Spybot findet immer wieder von neuem:
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-484763869-1202660629-1060284298-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
WebDialer: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-484763869-1202660629-1060284298-500\Software\Microsoft\Internet Explorer\Main\HOMEOldSP
-----
15.06.2004 01:00:40 SPhjFix started v1.07
15.06.2004 01:00:40 Stealth-String not found -> Programm terminated
-----
Logfile of HijackThis v1.97.7
Scan saved at 01:44:00, on 15.06.2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mgabg.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe
C:\WINNT\System32\desk95.exe
C:\WINNT\System32\atiptaxx.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINNT\System32\PDesk\PDesk.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Winamp5\winampa.exe
C:\WINNT\System32\internat.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Kazaa Lite K++\KazaaLite.kpp
C:\Programme\eDonkey2000\edonkey2000.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\datatoburn\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {99E1895B-3342-4181-9325-0603665B33F5} - C:\WINNT\System32\ina.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp5\winampa.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [sysinfo] C:\windows\addins\winmech.lnk
O4 - HKCU\..\Run: [server] C:\windows\addins\server.lnk
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\Symtrdr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cabO16 - DPF: {1111111D-4111-1111-1111-111115555555} - ms-its:mhtml:file://C:\document.mhtml!http://www.ultra-galleries.com/counter/data/load.chm::/init.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwa...director/sw.cabO16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) -
http://download.zonelabs.com/bin/free/cm/ICSCM.cabO16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) -
http://216.249.24.142/code/PWActiveXImgCtl.CABO16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -
http://www.parallelgraphics.com/bin/cortvrml.cabO16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwa...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{521008A3-D791-470D-A376-C2DDD361C2B5}: NameServer = 193.189.244.197
O17 - HKLM\System\CCS\Services\Tcpip\..\{5765157F-4F88-4FE0-BDA2-1B4CD500A9CE}: NameServer = 195.235.113.3,195.235.96.90
------------------
--==***@@@ 'FIND-ALL' »»*Original*»» VERSION *10.1 -6/10 @@@***==--
»»»»»»Find-All recent updates:»»»»»»
*Size of Windows key
*Winlogon\notify
*UserInit value
*Copy of 'hosts' file and *Loaded Modules (In \FilesList Subfolder)
*Versions of major keys and windows files
*list of active services and drivers (\'FilesList')
*Note:
If using 'Find-All' to clean, be sure to include the link to your
post in the forum!! (I keep recieving files I don't know where they came from...0-0...)
*Note: Reg backup restore will not work if current user
doesn't have 'Admin privileges'! (view »»Group/user section)
Tue Jun 15 01:54:15 2004 -- ++Results:
»»System Info:
Microsoft Windows 2000 [Version 5.00.2195]
'Find-All' is running from Drive:
C: "Programs" (FC55:4380) - FS:NTFS clusters:4k
Total: 10 487 197 696 [10G] - Free: 3 813 462 016 [3.6G]
»»IE version and Service packs:
6.0.2800.1106 C:\Programme\Internet Explorer\Iexplore.exe
--a-- W32i APP ENU 6.0.2800.1106 shp 91,136 08-29-2002 iexplore.exe
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;
»»Google:
»»UserAgent:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
»»Wmplayer version:
9.0.0.2980 C:\Programme\Windows Media Player\wmplayer.exe
--a-- W32i APP ENU 9.0.0.2980 shp 73,728 12-11-2002 wmplayer.exe
6.4.9.1117 C:\Programme\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1117 shp 5,120 05-03-2001 mplayer2.exe
»»M$Java version:
5.0.3234.0 C:\WINNT\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3234.0 shp 940,304 12-10-1999 msjava.dll
»»NotePad(s) version(s):
5.0.2140.1 C:\WINNT\notepad.exe
--a-- W32i APP DEU 5.0.2140.1 shp 51,472 12-10-1999 notepad.exe
5.0.2140.1 C:\WINNT\System32\notepad.exe
--a-- W32i APP DEU 5.0.2140.1 shp 51,472 12-10-1999 notepad.exe
»» Regedit* version(s):
5.0.2134.1 C:\WINNT\regedit.exe
--a-- W32i APP DEU 5.0.2134.1 shp 76,048 12-10-1999 regedit.exe
5.0.2147.1 C:\WINNT\System32\regedt32.exe
--a-- W32i APP DEU 5.0.2147.1 shp 142,096 12-10-1999 regedt32.exe
»»PC uptime:
1:54am up 0 days, 0:52
»»Locked or 'Suspect' file(s) found...
»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!
»»Tasks (services):
0 System Process
8 System
160 smss.exe
184 csrss.exe Title:
204 winlogon.exe Title: NetDDE Agent
232 services.exe Svcs: Browser,Dhcp,dmserver,Dnscache,Eventlog,lanmanserver,lanmanworkstation,LmHosts,Messenger,PlugPlay,ProtectedStorage,seclogon,TrkWks,Wmi
244 lsass.exe Svcs: PolicyAgent,SamSs
408 svchost.exe Svcs: RpcSs
436 SPOOLSV.EXE Svcs: Spooler
464 CCEVTMGR.EXE Svcs: ccEvtMgr
568 CDANTSRV.EXE Svcs: C-DillaSrv
588 svchost.exe Svcs: EventSystem,Netman,NtmsSvc,RasMan,SENS,TapiSrv
608 mgabg.exe Svcs: MGABGEXE
624 NAVAPSVC.EXE Svcs: navapsvc
668 NPROTECT.EXE Svcs: NProtectService
732 regsvc.exe Svcs: RemoteRegistry
820 mstask.exe Svcs: Schedule
844 NOPDB.EXE Svcs: Speed Disk service
900 stisvc.exe Svcs: StiSvc
932 vsmon.exe Svcs: vsmon
988 explorer.exe Title: Program Manager
1008 winmgmt.exe Svcs: WinMgmt
1020 mspmspsv.exe Svcs: WMDM PMSP Service
1056 SymTray.exe Title: SymTray
1112 Desk95.exe Title:
1144 atiptaxx.exe Title: ATI Tray Icon Application
1160 realplay.exe Title:
1172 qttask.exe Title: QTPlayer Tray Icon
1200 ccApp.exe Title: Norton AntiVirus
1232 pdesk.exe Title:
1252 daemon.exe Title: Virtual DAEMON Manager V3.33
1256 winampa.exe Title:
1260 internat.exe Title:
1288 AcroTray.exe Title: AcrobatTrayIcon
1388 zonealarm.exe Title: PermissionDlg
1404 KazaaLite.kpp Title: Kazaa Lite K++ - [Traffic]
1612 edonkey2000.exe Title:
1772 IEXPLORE.EXE Title: Startseite: about:blank - ...\sp.html (obfuscated) - Anleitung mit Entfernungsprogramm - Microsoft Internet Explorer
1820 notepad.exe Title: hijackthis.log - Editor
332 WINZIP32.EXE Title: WinZip (Unregistered) - XFIND.ZIP
1488 cmd.exe Title: C:\WINNT\System32\cmd.exe
1596 ntvdm.exe
1812 tlist.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E1895B-3342-4181-9325-0603665B33F5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{D2D5885E-83FF-4FE9-83CC-DC8DACCC2D20}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{D2D5885E-83FF-4FE9-83CC-DC8DACCC2D20}"
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
»»Security settings for 'Windows' key:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read VORDEFINIERT\Benutzer
(IO) ALLOW Read VORDEFINIERT\Benutzer
(NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(NI) ALLOW Full access VORDEFINIERT\Administratoren
(IO) ALLOW Full access VORDEFINIERT\Administratoren
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access VORDEFINIERT\Administratoren
(IO) ALLOW Full access ERSTELLER-BESITZER
Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Read VORDEFINIERT\Hauptbenutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITŽT\SYSTEM
»»Size of 'Windows' key: (Default-450;No'AppInit'-398;*Fake-~448+!)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs
»»Winlogon\notify:
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
Size of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: 2572
»»UserInit value:
! REG.EXE VERSION 2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINNT\system32\userinit.exe,
5.0.2159.1 C:\WINNT\System32\userinit.exe
--a-- W32i APP DEU 5.0.2159.1 shp 17,168 12-10-1999 userinit.exe
»»Group/user settings:
User: [VIDEOMAIN\Administrator], is a member of:
VORDEFINIERT\Administratoren
\Everyone
User is a member of group VIDEOMAIN\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group \LOKAL.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.
»»ACLs list:
C:\junkxxx Jeder:(OI)(CI)F
ERROR: Es sind keine weiteren Dateien vorhanden.
»»File(s) in 'junkxxx' folder:
»»Md5sums
MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright © 2001-2002 Jem Berkes -
http://www.pc-tools.net/0 bytes, 0 ms = 0.00 MB/sec
»»hosts file:
R C:\WINNT\System32\Drivers\etc\hosts
-r--- - - - - - 26,657 06-15-2004 hosts
------
»»Rehash:
»Strings found:
Tue Jun 15 01:54:23 2004 -- ++Find-All backups:
A C:\FindallwinBackup.hiv
--a-- - - - - - 8,192 06-15-2004 findallwinbackup.hiv
A C:\findallappinit.reg
--a-- - - - - - 632 06-15-2004 findallappinit.reg
A C:\Find-All\Find-All\winBackup.hiv
A C:\Find-All\Find-All\Fileslist\copyhosts.txt
A C:\Find-All\Find-All\Fileslist\drivers.txt
A C:\Find-All\Find-All\Fileslist\modules.txt
A C:\Find-All\Find-All\Fileslist\services.txt
A C:\Find-All\Find-All\Fileslist\windows.txt
***Next Registry run should open this key directly:
! REG.EXE VERSION 2.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
------------------