15. april 2005 - 15:11
Der er
25 kommentarer og
1 løsning
HJÆLP mit skivebord er væk - SmartSecurity
HJÆLP :( Jeg er blevet Hijakket af SmarSecurity ?
Jeg har fulgt en del sider her i forum og nogle Engelske forum ang. SmartSecurity og hentet div. Antivirus og Spy programmer og det har da også hjulpet en hel del.
Men nu kan jeg ikke komme længere end at jeg har ikke flere spy/vira på min maskine og SmartSecurity logoet er væk men der er stadigt et blåt skivebord og alle mine alm. ikoner er der ikke og jeg kan ikke højreklikke.
Jeg har lagt en genvej på skrivebordet til mit eget skivebord og det er så den eneste måde jeg kan komme på mit eget skrivebord og det er lidt irreterende.
er der nogen som har nogle forslag????
Her er en log fil fra HijakThis:
Logfile of HijackThis v1.99.1
Scan saved at 14:47:41, on 15-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Programmer\GFI\FAXmaker Client\fmstart.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\iexplore.exe
E:\hijackhis - scan\hijackthis - Spyware - program.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDTServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [FMStart] "C:\Programmer\GFI\FAXmaker Client\fmstart.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{A902EC95-C566-431E-BE31-ECDDEACD101F}\SECURITY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmer\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Dnj] C:\WINDOWS\Mca.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] E:\hijackhis - scan\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Vfh] C:\WINDOWS\Jit.exe
O4 - HKCU\..\Run: [Uas] C:\WINDOWS\Dpt.exe
O4 - Global Startup: PhoneManager.lnk = C:\Programmer\Avaya\IP Office\Phone Manager\PhoneManager.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone:
http://ny.contentmatch.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108045330950O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cabO16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://scanner.virus112.com/cabs/cssweb.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K1.local
O17 - HKLM\Software\..\Telephony: DomainName = K1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{56964934-7016-4BEF-8B24-BA08ACEEE3F2}: NameServer = 10.0.0.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K1.local
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: OracleAxaptaClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
Div. Programmer jeg har kørt er:
Norton Symantac 2004
KasperSky antivirus
Hausecall online antivirus
Panda online antivirus
Microsoft AntiSpyware
CounterSpy
AdAware pro
WinPatrol
spSeHfix.exe
HijakThis.exe
Cleanup312.exe
Killbox.exe
og reg filen - slimshieldfixXP
18. april 2005 - 15:27
#5
Yepikajeeee jeg kan højre klikke :) og skifte bill. og thema igen, men jeg mangler stadig mine egne ikoner fra mit skrivebord, som om det stadigt er det andet skrivebors jeg har, selv om jeg skifter thema????
Men "ejvindh" her er en log fra HijackThis:
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\Programmer\iPod\bin\iPodService.exe
P:\AxaptaClient30Sp2\Bin\ax32.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
E:\hijackhis - scan\hijackthis - Spyware - program.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.fyens.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDTServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [FMStart] "C:\Programmer\GFI\FAXmaker Client\fmstart.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmer\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PhoneManager.lnk = C:\Programmer\Avaya\IP Office\Phone Manager\PhoneManager.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108045330950O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cabO16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://scanner.virus112.com/cabs/cssweb.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K1.local
O17 - HKLM\Software\..\Telephony: DomainName = K1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{56964934-7016-4BEF-8B24-BA08ACEEE3F2}: NameServer = 10.0.0.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K1.local
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: OracleAxaptaClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
18. april 2005 - 16:02
#8
Ups... det så jeg ik.
Her er den fulde:
Logfile of HijackThis v1.99.1
Scan saved at 15:05:02, on 18-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Programmer\GFI\FAXmaker Client\fmstart.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
C:\Programmer\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Avaya\IP Office\Phone Manager\PhoneManager.exe
C:\Programmer\iPod\bin\iPodService.exe
P:\AxaptaClient30Sp2\Bin\ax32.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
E:\hijackhis - scan\hijackthis - Spyware - program.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.fyens.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sunasDTServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Programmer\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [FMStart] "C:\Programmer\GFI\FAXmaker Client\fmstart.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Programmer\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PhoneManager.lnk = C:\Programmer\Avaya\IP Office\Phone Manager\PhoneManager.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108045330950O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) -
http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cabO16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://scanner.virus112.com/cabs/cssweb.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = K1.local
O17 - HKLM\Software\..\Telephony: DomainName = K1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{56964934-7016-4BEF-8B24-BA08ACEEE3F2}: NameServer = 10.0.0.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = K1.local
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: OracleAxaptaClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
Ja hvis du mener SystemSecDK.reg så er den regget - og jeg checker lige det med skrivebordet.
18. april 2005 - 16:12
#10
OK, prøv dette så: Kopier den tekst der står nedenunder de stiplede linier ind i Notepad, og gem dem som antiss.reg på skrivebordet. Dobbeltklik på filen og accepter at tilføje informationerne. Genstart og meld tilbage om det hjalp:
---------------------------------------------------------
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\BackupWallpaper]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\SafeMode\General\Wallpaper]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User shell folders]
"Custom Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,53,00,6b,00,72,00,69,00,76,00,65,00,62,00,6f,\
00,72,00,64,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell folders]
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,53,00,6b,00,72,00,69,00,76,00,65,00,62,00,6f,\
00,72,00,64,00,00,00
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell folders]
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,53,00,6b,00,72,00,69,00,76,00,65,00,62,00,6f,\
00,72,00,64,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User shell folders]
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,53,00,6b,00,72,00,69,00,76,00,65,00,62,00,6f,\
00,72,00,64,00,00,00
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders]
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,53,00,6b,00,72,00,69,00,76,00,65,00,62,00,6f,\
00,72,00,64,00,00,00
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=""
"OriginalWallpaper"=""
"ConvertedWallpaper"=""