"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output of all locations checked and all values found.

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Snarfer" = "C:\Programme\Snarfware\Snarfer\snarfer.exe /startminimized" ["Snarfware LLC"]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"SystemTray" = "SysTray.Exe" [MS]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"UnlockerAssistant" = ""C:\Programme\Unlocker\UnlockerAssistant.exe"" [null data]
"FileZilla Server Interface" = ""C:\Programme\FileZilla Server\FileZilla Server Interface.exe"" ["FileZilla Project"]
"NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"TrueImageMonitor.exe" = "C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" ["Acronis"]
"AcronisTimounterMonitor" = "C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" ["Acronis"]
"Acronis Scheduler2 Service" = ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"512id" = "C:\Programme\512i digital\512id.exe /minimize" ["TerraTec Electronic GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA 
Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"RouterControl" = "C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE" ["Mirko Böer"]
"NVIDIA nTune" = ""C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" ["NVIDIA"]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Microsoft Windows Media Player"
  \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Eigenschaften für Multimediadatei"
  -> {HKLM...CLSID} = "Eigenschaften für Multimediadatei"
  \InProcServer32\(Default) = "mmsys.cpl" [MS]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM-Scannerverwaltung"
  -> {HKLM...CLSID} = "ICM-Scannerverwaltung"
  \InProcServer32\(Default) = "icmui.dll" [MS]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS-Sicherheit"
  -> {HKLM...CLSID} = "Erweiterung der Sicherheitsshell"
  \InProcServer32\(Default) = "rshx32.dll" [MS]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "OLE-Eigenschaftenseite für Dokumente"
  -> {HKLM...CLSID} = "OLE-Eigenschaftenseite für Dokumente"
  \InProcServer32\(Default) = "docprop.dll" [MS]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Shellerweiterungen für Freigaben"
  -> {HKLM...CLSID} = "Shellerweiterungen für Freigaben"
  \InProcServer32\(Default) = "ntshrui.dll" [MS]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
  -> {HKLM...CLSID} = "PlusPack CPL-Erweiterung"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\themeui.dll" [MS]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Grafikkarten"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Grafikkarten"
  \InProcServer32\(Default) = "deskadp.dll" [MS]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung 
für Bildschirme" -> {HKLM...CLSID} = "CPL-Erweiterung für Bildschirme" \InProcServer32\(Default) = "deskmon.dll" [MS] "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS-Sicherheit" -> {HKLM...CLSID} = "Erweiterung der Sicherheitsshell" \InProcServer32\(Default) = "dssec.dll" [MS] "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Kompatibilitätsseite" -> {HKLM...CLSID} = "Kompatibilitätsseite" \InProcServer32\(Default) = "SlayerXP.dll" [MS] "{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell-Datenauszughandler" -> {HKLM...CLSID} = "Shell-Datenauszughandler" \InProcServer32\(Default) = "shscrap.dll" [MS] "{59099400-57FF-11CE-BD94-0020AF85B590}" = "Erweiterung für Datenträgerkopien" -> {HKLM...CLSID} = "Erweiterung für Datenträgerkopien" \InProcServer32\(Default) = "diskcopy.dll" [MS] "{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" -> {HKLM...CLSID} = "Shellerweiterungen für Microsoft Windows-Netzwerkobjekte" \InProcServer32\(Default) = "ntlanui2.dll" [MS] "{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM-Monitorverwaltung" -> {HKLM...CLSID} = "ICM-Monitorverwaltung" \InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [MS] "{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM-Druckerverwaltung" -> {HKLM...CLSID} = "ICM-Druckerverwaltung" \InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS] "{77597368-7b15-11d0-a0c2-080036af3f03}" = "Shellerweiterung für Webdrucker" -> {HKLM...CLSID} = "Shellerweiterung für Webdrucker" \InProcServer32\(Default) = "printui.dll" [MS] "{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI" -> {HKLM...CLSID} = "Microsoft Disk Quota UI" \InProcServer32\(Default) = "dskquoui.dll" [MS] "{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Aktenkoffer" -> {HKLM...CLSID} = "Aktenkoffer" 
\InProcServer32\(Default) = "syncui.dll" [MS] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Schriftarten" -> {HKLM...CLSID} = "Schriftarten" \InProcServer32\(Default) = "fontext.dll" [MS] "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC-Profil" -> {HKLM...CLSID} = "ICC-Profil" \InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [MS] "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Druckersicherheit" -> {HKLM...CLSID} = "Erweiterung der Sicherheitsshell" \InProcServer32\(Default) = "rshx32.dll" [MS] "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Shellerweiterungen für Freigaben" -> {HKLM...CLSID} = "Shellerweiterungen für Freigaben" \InProcServer32\(Default) = "ntshrui.dll" [MS] "{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension" -> {HKLM...CLSID} = "Display TroubleShoot CPL Extension" \InProcServer32\(Default) = "deskperf.dll" [MS] "{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Krypto-PKO-Erweiterung" -> {HKLM...CLSID} = "CryptPKO Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS] "{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Krypto-Sign-Erweiterung" -> {HKLM...CLSID} = "CryptSig Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [MS] "{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Netzwerkverbindungen" -> {HKLM...CLSID} = "Netzwerkverbindungen" \InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS] "{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Netzwerkverbindungen" -> {HKLM...CLSID} = "Netzwerkverbindungen" \InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [MS] "{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Scanner und Kameras" -> {HKLM...CLSID} = "Scanner und Kameras" \InProcServer32\(Default) = "wiashext.dll" [MS] "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Scanner und Kameras" 
-> {HKLM...CLSID} = "Scanner und Kameras" \InProcServer32\(Default) = "wiashext.dll" [MS] "{905667aa-acd6-11d2-8080-00805f6596d2}" = "Scanner und Kameras" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "wiashext.dll" [MS] "{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Scanner und Kameras" -> {HKLM...CLSID} = "Scanner und Kameras" \InProcServer32\(Default) = "wiashext.dll" [MS] "{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Scanner und Kameras" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "wiashext.dll" [MS] "{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension" -> {HKLM...CLSID} = "Remote Sessions CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\remotepg.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Shellerweiterungen für Windows Script Host" -> {HKLM...CLSID} = "Shell Extension For Windows Script Host" \InProcServer32\(Default) = "C:\WINDOWS\system32\wshext.dll" [MS] "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft Datenverknüpfung" -> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll" [MS] "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler" -> {HKLM...CLSID} = "Scheduling UI icon handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS] "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension" -> {HKLM...CLSID} = "Scheduling UI property sheet handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS] "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Geplante Tasks" -> {HKLM...CLSID} = "Geplante Tasks" \InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS] "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" = "Set Program Access and Defaults" -> 
{HKLM...CLSID} = "Set Program Access and Defaults" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension" -> {HKLM...CLSID} = "Auto Update Property Sheet Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\wuaucpl.cpl" [MS] "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Suchen" -> {HKLM...CLSID} = "Suchen" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Hilfe und Support" -> {HKLM...CLSID} = "Hilfe und Support" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Hilfe und Support" -> {HKLM...CLSID} = "Windows-Sicherheit" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Ausführen..." -> {HKLM...CLSID} = "Ausführen..." \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internet" -> {HKLM...CLSID} = "Internet" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "E-Mail" -> {HKLM...CLSID} = "E-Mail" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Schriftarten" -> {HKLM...CLSID} = "Schriftarten" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Verwaltung" -> {HKLM...CLSID} = "Verwaltung" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Eigenschaftenseite für vorherige Versionen" -> {HKLM...CLSID} = "Eigenschaftenseite für vorherige Versionen" \InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS] "{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Vorherige Versionen" -> {HKLM...CLSID} = "Vorherige Versionen" \InProcServer32\(Default) = "C:\WINDOWS\system32\twext.dll" [MS] 
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler" -> {HKLM...CLSID} = "Audio Media Properties Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler" -> {HKLM...CLSID} = "Video Media Properties Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler" -> {HKLM...CLSID} = "Wav Properties Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler" -> {HKLM...CLSID} = "Avi Properties Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler" -> {HKLM...CLSID} = "Midi Properties Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor" -> {HKLM...CLSID} = "Video Thumbnail Extractor" \InProcServer32\(Default) = "C:\WINDOWS\system32\shmedia.dll" [MS] "{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Microsoft Internet Toolbar" -> {HKLM...CLSID} = "Microsoft Internet Toolbar" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Download Status" -> {HKLM...CLSID} = "Download Status" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder" -> {HKLM...CLSID} = "Augmented Shell Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2" -> {HKLM...CLSID} = "Augmented Shell Folder 2" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy" -> {HKLM...CLSID} = "BandProxy" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] 
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand" -> {HKLM...CLSID} = "Microsoft BrowserBand" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search" -> {HKLM...CLSID} = "In-pane search" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility" -> {HKLM...CLSID} = "Registry Tree Options Utility" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse" -> {HKLM...CLSID} = "&Adresse" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Address EditBox" -> {HKLM...CLSID} = "Address EditBox" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Shell Microsoft AutoComplete" -> {HKLM...CLSID} = "Shell Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List" -> {HKLM...CLSID} = "MRU AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List" -> {HKLM...CLSID} = "Custom MRU AutoCompleted List" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible" -> {HKLM...CLSID} = "Accessible" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar" -> {HKLM...CLSID} = "Track Popup Bar" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List" -> {HKLM...CLSID} = "Microsoft History AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{03C036F1-A186-11D0-824A-00AA005B4383}" = 
"Microsoft Shell Folder AutoComplete List" -> {HKLM...CLSID} = "Microsoft Shell Folder AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container" -> {HKLM...CLSID} = "Microsoft Multiple AutoComplete List Container" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu" -> {HKLM...CLSID} = "Shell Band Site Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp" -> {HKLM...CLSID} = "Shell DeskBarApp" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar" -> {HKLM...CLSID} = "Shell DeskBar" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite" -> {HKLM...CLSID} = "Shell Rebar BandSite" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist" -> {HKLM...CLSID} = "User Assist" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Global Folder Settings" -> {HKLM...CLSID} = "Global Folder Settings" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "IE Search Band" -> {HKLM...CLSID} = "IE Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE AutoComplete" -> {HKLM...CLSID} = "IE AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Web Search" -> {HKLM...CLSID} = "Web Search" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor" -> 
{HKLM...CLSID} = "TridentImageExtractor" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band" -> {HKLM...CLSID} = "Favorites Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service" -> {HKLM...CLSID} = "Shell Automation Inproc Service" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture" -> {HKLM...CLSID} = "Microsoft Browser Architecture" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC" -> {HKLM...CLSID} = "ISFBand OC" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC" -> {HKLM...CLSID} = "Search Assistant OC" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer" -> {HKLM...CLSID} = "Shell DocObject Viewer" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut" -> {HKLM...CLSID} = "Internet Shortcut" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service" -> {HKLM...CLSID} = "Microsoft Url History Service" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{FF393560-C2A7-11CF-BFF4-444553540000}" = "History" -> {HKLM...CLSID} = "History" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files" -> {HKLM...CLSID} = "Temporary Internet Files" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\ieframe.dll" [MS] "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files" -> {HKLM...CLSID} = "Temporary Internet Files" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook" -> {HKLM...CLSID} = "Microsoft Url Search Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "IE4 Suite-Begrüßungsbildschirm" -> {HKLM...CLSID} = "IE4 Suite-Begrüßungsbildschirm" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook" -> {HKLM...CLSID} = "CDF Extension Copy Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet" -> {HKLM...CLSID} = "The Internet" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer-Band" -> {HKLM...CLSID} = "Explorer-Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS] "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\sendmail.dll" [MS] "{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX Cache Folder" -> {HKLM...CLSID} = "ActiveX Cache Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS] "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck" -> {HKLM...CLSID} = "WebCheck" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = 
"Subscription Mgr" -> {HKLM...CLSID} = "Subscription Mgr" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder" -> {HKLM...CLSID} = "Subscription Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler" -> {HKLM...CLSID} = "WebCheckWebCrawler" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent" -> {HKLM...CLSID} = "WebCheckChannelAgent" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent" -> {HKLM...CLSID} = "TrayAgent" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent" -> {HKLM...CLSID} = "Code Download Agent" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent" -> {HKLM...CLSID} = "ConnectionAgent" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent" -> {HKLM...CLSID} = "PostAgent" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler" -> {HKLM...CLSID} = "WebCheck SyncMgr Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Shell Application Manager" -> {HKLM...CLSID} = "Shell Application Manager" \InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS] "{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Installed Apps Enumerator" -> {HKLM...CLSID} = "Installed Apps Enumerator" \InProcServer32\(Default) = "C:\WINDOWS\system32\appwiz.cpl" [MS] "{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher" -> {HKLM...CLSID} = "Darwin App Publisher" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\appwiz.cpl" [MS] "{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs" -> {HKLM...CLSID} = "Shell Image Verbs" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory" -> {HKLM...CLSID} = "Shell Image Data Factory" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" -> {HKLM...CLSID} = "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" -> {HKLM...CLSID} = "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "HTML-Extrahierungsprogramm" -> {HKLM...CLSID} = "HTML-Extrahierungsprogramm" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler" -> {HKLM...CLSID} = "Shell Image Property Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [MS] "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Webpublishing-Assistent" -> {HKLM...CLSID} = "Webpublishing-Assistent" \InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS] "{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Bestellung von Abzügen über das Internet" -> {HKLM...CLSID} = "Bestellung von Abzügen über das Internet" \InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS] "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Shellobjekt des Webpublishing-Assistenten" -> {HKLM...CLSID} = "Shellobjekt des Webpublishing-Assistenten" \InProcServer32\(Default) = "C:\WINDOWS\system32\netplwiz.dll" [MS] "{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Passport-Assistent" -> {HKLM...CLSID} = "Passport-Assistent" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\netplwiz.dll" [MS] "{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "ZIP-komprimierter Ordner" -> {HKLM...CLSID} = "CompressedFolder" \InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS] "{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler" -> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS] "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target" -> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target" \InProcServer32\(Default) = "C:\WINDOWS\system32\zipfldr.dll" [MS] "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}" = "Extensions Manager Folder" -> {HKLM...CLSID} = "Extensions Manager Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\extmgr.dll" [MS] "{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview" -> {HKLM...CLSID} = "Microsoft FTP Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\msieftp.dll" [MS] "{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext" -> {HKLM...CLSID} = "Microsoft DocProp Shell Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control" -> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control" -> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control" -> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control" -> {HKLM...CLSID} = 
"Microsoft DocProp Inplace Calendar Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control" -> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control" \InProcServer32\(Default) = "C:\WINDOWS\system32\docprop2.dll" [MS] "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS] "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS] "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS] "{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsquery.dll" [MS] "{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS] "{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\dsuiext.dll" [MS] "{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS] "{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target" -> {HKLM...CLSID} = "MyDocs Drop Target" \InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS] "{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties" -> {HKLM...CLSID} = "MyDocs menu and properties" \InProcServer32\(Default) = "C:\WINDOWS\system32\mydocs.dll" [MS] "{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu" -> {HKLM...CLSID} = 
"Offline Files Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] "{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options" -> {HKLM...CLSID} = "Offline Files Folder Options" \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Ordner 'Offlinedateien'" -> {HKLM...CLSID} = "Ordner 'Offlinedateien'" \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler" -> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler" \InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [MS] "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell" -> {HKLM...CLSID} = "DfsShell Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfsshlex.dll" [MS] "{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%" -> {HKLM...CLSID} = "Drop-Zielobjekt für den Fotodruck-Assistent" \InProcServer32\(Default) = "C:\WINDOWS\system32\photowiz.dll" [MS] "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler" -> {HKLM...CLSID} = "ExtractIcon Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [MS] "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer" -> {HKLM...CLSID} = "Kabinettdatei" \InProcServer32\(Default) = "cabview.dll" [MS] "{32714800-2E5F-11d0-8B85-00AA0044F941}" = "&Nach Personen..." -> {HKLM...CLSID} = "&Nach Personen..." 
\InProcServer32\(Default) = "C:\Programme\Outlook Express\wabfind.dll" [MS] "{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Burn Audio CD Context Menu Handler" -> {HKLM...CLSID} = "WMP Burn Audio CD Launcher" \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS] "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Play as Playlist Context Menu Handler" -> {HKLM...CLSID} = "WMP Play As Playlist Launcher" \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS] "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler" -> {HKLM...CLSID} = "WMP Add To Playlist Launcher" \InProcServer32\(Default) = "C:\WINDOWS\system32\wmpshell.dll" [MS] "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = "Webordner" -> {HKLM...CLSID} = "Webordner" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll" [MS] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{35786D3C-B075-49b9-88DD-029876E11C01}" = "Portable Devices" -> {HKLM...CLSID} = "Portable Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] 
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" = "Portable Devices Menu" -> {HKLM...CLSID} = "Portable Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshext.dll" [MS] "{45670FA8-ED97-4F44-BC93-305082590BFB}" = "Microsoft.XPS.Shell.Metadata.1" -> {HKLM...CLSID} = "Windows XPS Document Metadata Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{44121072-A222-48f2-A58A-6D9AD51EBBE9}" = "Microsoft.XPS.Shell.Thumbnail.1" -> {HKLM...CLSID} = "Windows XPS Document Thumbnail Handler" \InProcServer32\(Default) = "C:\WINDOWS\System32\XPSSHHDR.DLL" [MS] "{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" = "IE Microsoft BrowserBand" -> {HKLM...CLSID} = "IE Microsoft BrowserBand" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" = "IE Fade Task" -> {HKLM...CLSID} = "IE Fade Task" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{205D7A97-F16D-4691-86EF-F3075DCCA57D}" = "IE Menu Desk Bar" -> {HKLM...CLSID} = "IE Menu Desk Bar" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{43886CD5-6529-41c4-A707-7B3C92C05E68}" = "IE Navigation Bar" -> {HKLM...CLSID} = "IE Navigation Bar" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{44C76ECD-F7FA-411c-9929-1B77BA77F524}" = "IE Menu Site" -> {HKLM...CLSID} = "IE Menu Site" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{4B78D326-D922-44f9-AF2A-07805C2A3560}" = "IE Menu Band" -> {HKLM...CLSID} = "IE Menu Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" = "IE Microsoft History AutoComplete List" -> {HKLM...CLSID} = "IE Microsoft History AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" = "IE Tracking Shell Menu" -> {HKLM...CLSID} = "IE Tracking Shell Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] 
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}" = "IE IShellFolderBand" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{73CFD649-CD48-4fd8-A272-2070EA56526B}" = "IE BandProxy" -> {HKLM...CLSID} = "IE BandProxy" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" = "IE MRU AutoComplete List" -> {HKLM...CLSID} = "IE MRU AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}" = "IE RSS Feeder Folder" -> {HKLM...CLSID} = "IE RSS Feeds Folder" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" = "IE Microsoft Shell Folder AutoComplete List" -> {HKLM...CLSID} = "IE Microsoft Shell Folder AutoComplete List" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{B31C5FAE-961F-415b-BAF0-E697A5178B94}" = "IE Microsoft Multiple AutoComplete List Container" -> {HKLM...CLSID} = "IE Microsoft Multiple AutoComplete List Container" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" = "Microsoft Browser Architecture" -> {HKLM...CLSID} = "Microsoft Browser Architecture" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" = "IE Shell Rebar BandSite" -> {HKLM...CLSID} = "IE Shell Rebar BandSite" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{E6EE9AAC-F76B-4947-8260-A9F136138E11}" = "IE Shell Band Site Menu" -> {HKLM...CLSID} = "IE Shell Band Site Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{F2CF5485-4E02-4f68-819C-B92DE9277049}" = "&Links" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" = "IE Registry Tree Options Utility" -> {HKLM...CLSID} = "IE Registry Tree Options Utility" 
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" = "IE User Assist" -> {HKLM...CLSID} = "IE User Assist" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" = "IE Custom MRU AutoCompleted List" -> {HKLM...CLSID} = "IE Custom MRU AutoCompleted List" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"] "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"] "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension" -> {HKLM...CLSID} = "TuneUp Theme Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\uxtuneup.dll" ["TuneUp Software GmbH"] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" 
\InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] "{E5A23DE9-6CC4-4f8c-88E9-AF8455B38E06}" = "RapidCRC Shell Extension" -> {HKLM...CLSID} = "RapidCRC Shell Extension" \InProcServer32\(Default) = "C:\Programme\RapidCRC\rcrcshex.dll" [null data] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension" \InProcServer32\(Default) = "C:\Programme\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension" -> {HKLM...CLSID} = "Acronis True Image Shell Extension" \InProcServer32\(Default) = "C:\Programme\Acronis\TrueImageHome\tishell.dll" ["Acronis"] "{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "KbLogiExt Class" \InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."] "{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension" -> {HKLM...CLSID} = "LogiExt Class" \InProcServer32\(Default) = "C:\Programme\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] 
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{70B28949-EC23-4D00-A411-AD8A1B3A8A5A}" = "awxDTools - ContextMenu ShellExtension" -> {HKLM...CLSID} = "awxDTShlExt Class" \InProcServer32\(Default) = "C:\Programme\DAEMON Tools\awxDTools.dll" ["arniWORX"] "{7A5117B0-B594-4DA8-829D-D15BF11996F2}" = "awxDTools - ColumnHandler ShellExtension" -> {HKLM...CLSID} = "awxDTColumnHandler Class" \InProcServer32\(Default) = "C:\Programme\DAEMON Tools\awxDTools.dll" ["arniWORX"] "{D7C3180D-83AA-464B-9154-6BD0B4E34FBD}" = "awxDTools - PropertySheetHandler ShellExtension" -> {HKLM...CLSID} = "awxDToolsPropSheet Class" \InProcServer32\(Default) = "C:\Programme\DAEMON Tools\awxDTools.dll" ["arniWORX"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader" -> {HKLM...CLSID} = "Browseui preloader" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon" -> {HKLM...CLSID} = "Component Categories cache daemon" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided) -> {HKLM...CLSID} = "URL Exec Hook" \InProcServer32\(Default) = "shell32.dll" [MS] HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ 
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}" -> {HKLM...CLSID} = "PostBootReminder object" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}" -> {HKLM...CLSID} = "ShellFolder for CD Burning" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -> {HKLM...CLSID} = "WebCheck" \InProcServer32\(Default) = "C:\WINDOWS\system32\webcheck.dll" [MS] "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}" -> {HKLM...CLSID} = "SysTray" \InProcServer32\(Default) = "C:\WINDOWS\system32\stobject.dll" [MS] "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKCU\Software\Microsoft\Command Processor\ "AutoRun" = (value not found) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "Shell" = (value not found) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ "load" = (value not found) "run" = (value not found) HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ "Shell" = (value not found) HKLM\Software\Microsoft\Command Processor\ "AutoRun" = (empty string) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ "AppInit_DLLs" = (empty string) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ "GinaDLL" = (value not found) "Shell" = "Explorer.exe" [MS] "Taskman" = (value not found) "Userinit" = "C:\WINDOWS\system32\userinit.exe," [MS] "System" = (empty string) HKLM\System\CurrentControlSet\Control\SafeBoot\Option\ "UseAlternateShell" = (value not found) HKLM\System\CurrentControlSet\Control\SecurityProviders\ "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKLM\System\CurrentControlSet\Control\Session Manager\ <> "BootExecute" = "autocheck autochk *"|"oodbs" ["O&O 
Software GmbH"]| [file not found] HKLM\System\CurrentControlSet\Control\WOW\ "cmdline" = "C:\WINDOWS\system32\ntvdm.exe" [MS] "wowcmdline" = "C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ crypt32chain\DLLName = "crypt32.dll" [MS] cryptnet\DLLName = "cryptnet.dll" [MS] cscdll\DLLName = "cscdll.dll" [MS] ScCertProp\DLLName = "wlnotify.dll" [MS] Schedule\DLLName = "wlnotify.dll" [MS] sclgntfy\DLLName = "sclgntfy.dll" [MS] SensLogn\DLLName = "WlNotify.dll" [MS] termsrv\DLLName = "wlnotify.dll" [MS] WgaLogon\DLLName = "WgaLogon.dll" [MS] wlballoon\DLLName = "wlnotify.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ Your Image File Name Here without a path\Debugger = "ntsd -d" [MS] HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon\ HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\ HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup\ HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\ HKLM\Software\Classes\PROTOCOLS\Filter\ application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1" \InProcServer32\(Default) = "mscoree.dll" [MS] application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1" \InProcServer32\(Default) = "mscoree.dll" [MS] application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1" \InProcServer32\(Default) = "mscoree.dll" [MS] Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" -> {HKLM...CLSID} = "AP Class Install Handler filter" \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS] deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP encoding/decoding Filters" \InProcServer32\(Default) = 
"C:\WINDOWS\system32\urlmon.dll" [MS] gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP encoding/decoding Filters" \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS] lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP encoding/decoding Filters" \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [MS] text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" -> {HKLM...CLSID} = "WebView MIME Filter" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] <> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] {24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] {24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] {66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] {7A5117B0-B594-4DA8-829D-D15BF11996F2}\(Default) = "awxDTools - ColumnHandler" -> {HKLM...CLSID} = "awxDTColumnHandler Class" \InProcServer32\(Default) = "C:\Programme\DAEMON Tools\awxDTools.dll" ["arniWORX"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"] Cover Designer\(Default) = 
"{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {HKLM...CLSID} = "Offline Files Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}" -> {HKLM...CLSID} = "Open With Context Menu Handler" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {HKLM...CLSID} = "Kontextmenü für die Verschlüsselung" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] PropertiesPlus\(Default) = "{0b95b7e0-c8b9-11cf-8f59-444553540000}" -> {HKLM...CLSID} = "PropertiesPlus" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ppshlext.dll" ["kish design"] RapidCRC\(Default) = "{E5A23DE9-6CC4-4f8c-88E9-AF8455B38E06}" -> {HKLM...CLSID} = "RapidCRC Shell Extension" \InProcServer32\(Default) = "C:\Programme\RapidCRC\rcrcshex.dll" [null data] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}" -> {HKLM...CLSID} = "7-Zip Shell Extension" \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"] EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {HKLM...CLSID} = "Kontextmenü für die Verschlüsselung" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {HKLM...CLSID} = "Offline Files Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [MS] RapidCRC\(Default) = "{E5A23DE9-6CC4-4f8c-88E9-AF8455B38E06}" -> {HKLM...CLSID} = "RapidCRC Shell Extension" \InProcServer32\(Default) = "C:\Programme\RapidCRC\rcrcshex.dll" [null data] Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" -> {HKLM...CLSID} = "Shellerweiterungen für Freigaben" \InProcServer32\(Default) = "ntshrui.dll" [MS] TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ PropertiesPlus\(Default) = "{0b95b7e0-c8b9-11cf-8f59-444553540000}" -> {HKLM...CLSID} = "PropertiesPlus" \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ppshlext.dll" ["kish design"] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = 
"C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ Send To\(Default) = "{7BA4C740-9E81-11CF-99D3-00AA004AE837}" -> {HKLM...CLSID} = "Microsoft SendTo Service" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] Default executables: -------------------- HKLM\Software\Classes\.bat\(Default) = "batfile" HKLM\Software\Classes\batfile\shell\open\command\(Default) = ""%1" %*" HKLM\Software\Classes\.cmd\(Default) = "cmdfile" HKLM\Software\Classes\cmdfile\shell\open\command\(Default) = ""%1" %*" HKLM\Software\Classes\.com\(Default) = "comfile" HKLM\Software\Classes\comfile\shell\open\command\(Default) = ""%1" %*" HKLM\Software\Classes\.exe\(Default) = "exefile" HKLM\Software\Classes\exefile\shell\open\command\(Default) = ""%1" %*" HKLM\Software\Classes\.hta\(Default) = "htafile" HKLM\Software\Classes\htafile\shell\open\command\(Default) = "C:\WINDOWS\system32\mshta.exe "%1" %*" HKLM\Software\Classes\.pif\(Default) = "piffile" HKLM\Software\Classes\piffile\shell\open\command\(Default) = ""%1" %*" HKLM\Software\Classes\.scr\(Default) = "scrfile" HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091 {User Configuration|Administrative Templates|Windows Components|AutoPlay Policies| Turn off Autoplay} "ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001 {unrecognized setting} "NoClose" = (REG_DWORD) hex:0x00000000 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\ HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel\ HKCU\Software\Policies\Microsoft\Internet Explorer\Download\ HKLM\Software\Policies\Microsoft\Internet Explorer\Download\ HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\ HKCU\Software\Policies\Microsoft\Internet Explorer\Main\ HKLM\Software\Policies\Microsoft\Internet Explorer\Main\ HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\ HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\ HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\ HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\ HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\ HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\ HKCU\Software\Policies\Microsoft\Internet Explorer\Security\ HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ 
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\ HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\ HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\ HKCU\Software\Policies\Microsoft\Windows\Network Connections\ HKCU\Software\Policies\Microsoft\Windows\System\ HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\ HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0\ HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "dontdisplaylastusername" = (REG_DWORD) hex:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Interactive logon: Do not display last user name} "legalnoticetext" = (REG_SZ) (empty string) {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Interactive logon: Message text for users attempting to log on} "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut 
down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\ Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = (value not set) DESKTOP.INI DLL launch in local fixed drive directories: -------------------------------------------------------- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\BEY9QRD1\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\D454N3EM\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\FJI2BPPD\DESKTOP.INI [.ShellClassInfo] 
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Feeds Cache\Z2T7ZA61\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Verlauf\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Verlauf\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Verlauf\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" 
[MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Verlauf\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Verlauf\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] 
CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\WINDOWS\assembly\DESKTOP.INI [.ShellClassInfo] CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mscoree.dll" [MS] C:\WINDOWS\Downloaded Program Files\DESKTOP.INI [.ShellClassInfo] CLSID={88C6C381-2E85-11d0-94DE-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\occache.dll" [MS] C:\WINDOWS\Fonts\DESKTOP.INI [.ShellClassInfo] UICLSID={BD84B380-8CA2-1069-AB1D-08000948F534} -> {HKLM...CLSID}\InProcServer32\(Default) = "fontext.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\DESKTOP.INI [.ShellClassInfo] UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] CLSID={FF393560-C2A7-11CF-BFF4-444553540000} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] C:\WINDOWS\Tasks\DESKTOP.INI [.ShellClassInfo] CLSID={d6277990-4c6a-11cf-8d87-00aa0060f5bf} -> {HKLM...CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mstask.dll" [MS] D: (no DLL launch points found) E: (no DLL launch points found) F: (no DLL launch points found) G: (no DLL launch points found) H: (no DLL launch points found) K: (no DLL launch 
points found) L: (no DLL launch points found) M: (no DLL launch points found) N: (no DLL launch points found) Startup items in "Administrator" & "All Users" startup folders: --------------------------------------------------------------- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart "BWMeter" -> shortcut to: "C:\Programme\BWMeter\BWMeter.exe" ["DeskSoft"] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Logitech SetPoint" -> shortcut to: "C:\Programme\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] Enabled Scheduled Tasks: ------------------------ "1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" -> {HKLM...CLSID} = "&Adresse" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{01E04581-4EEE-11D0-BFE9-00AA005B4383}" -> {HKLM...CLSID} = "&Adresse" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{0E5CBF21-D15F-11D0-8301-00AA005B4383}" -> {HKLM...CLSID} = "&Links" 
\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\(Default) = (no title provided) -> {HKLM...CLSID} = "File Search Explorer Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {4D5C8C25-D075-11D0-B416-00C04FB90376}\(Default) = (no title provided) -> {HKLM...CLSID} = "&Tipps und Tricks" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = "Shell Search Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] HKLM\Software\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = "IE Search Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] HKLM\Software\Classes\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}\(Default) = "&Discuss" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}\(Default) = "Favorites Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}\(Default) = "History Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] 
HKLM\Software\Classes\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}\(Default) = "Explorer-Band" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {0E921E80-267A-42AA-AEE4-60B9A1222A44}\ "ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen" "MenuText" = "Unterstützung für xp-AntiSpy" "Exec" = "C:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Internet Explorer Address Prefixes: ----------------------------------- Prefix for bare domain ("domain-name-here.com") HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Default Prefix\ (Default) = "http://" Prefix for specific service (i.e., "www") HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\ "ftp" = "ftp://" "gopher" = "gopher://" "home" = "http://" "mosaic" = "http://" "www" = "http://" Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = (no title provided) -> {HKLM...CLSID} = 
"Microsoft Url Search Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ "DesktopItemNavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS] "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS] "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS] "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS] "Home" = hex:0x0000010E "blank" = "res://mshtml.dll/blank.htm" [MS] "PostNotCached" = "res://ieframe.dll/repost.htm" [MS] "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS] "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS] "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS] "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS] HOSTS file ---------- HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\ "DataBasePath" = "C:\WINDOWS\System32\drivers\etc" C:\WINDOWS\System32\drivers\etc\HOSTS maps: 1 domain name to an IP address, and this is the localhost IP address All Running Services (Display Name, Service Name, Path {Service DLL}): ---------------------------------------------------------------------- Acronis Scheduler2 Service, AcrSch2Svc, ""C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"" ["Acronis"] AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"] AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"] Arbeitsstationsdienst, lanmanworkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]} Automatische Updates, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wuauserv.dll" [MS]} COM+-Ereignissystem, EventSystem, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\es.dll" [MS]} Computerbrowser, Browser, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]} 
DCOM-Server-Prozessstart, DcomLaunch, "C:\WINDOWS\system32\svchost -k DcomLaunch" {"C:\WINDOWS\system32\rpcss.dll" [MS]} Designs, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} DHCP-Client, Dhcp, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]} DNS-Client, Dnscache, "C:\WINDOWS\system32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]} Druckwarteschlange, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS] Ereignisprotokoll, Eventlog, "C:\WINDOWS\system32\services.exe" [MS] Error Reporting Service, ERSvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ersvc.dll" [MS]} Gatewaydienst auf Anwendungsebene, ALG, "C:\WINDOWS\System32\alg.exe" [MS] Geschützter Speicher, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS] HID Input Service, HidServ, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\hidserv.dll" [MS]} Hilfe und Support, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]} HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} IPSEC-Dienste, PolicyAgent, "C:\WINDOWS\system32\lsass.exe" [MS] Kompatibilität für schnelle Benutzerumschaltung, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} Konfigurationsfreie drahtlose Verbindung, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]} Kryptografiedienste, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]} Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Netzwerkverbindungen, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]} NLA (Network Location Awareness), Nla, "C:\WINDOWS\system32\svchost.exe -k netsvcs" 
{"C:\WINDOWS\System32\mswsock.dll" [MS]} NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Plug & Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS] RAS-Verbindungsverwaltung, RasMan, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]} Remote-Registrierung, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]} Remoteprozeduraufruf (RPC), RpcSs, "C:\WINDOWS\system32\svchost -k rpcss" {"C:\WINDOWS\System32\rpcss.dll" [MS]} Sekundäre Anmeldung, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]} Server, lanmanserver, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]} Shellhardwareerkennung, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]} Sicherheitskontenverwaltung, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS] SSDP-Suchdienst, SSDPSRV, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]} StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Systemereignisbenachrichtigung, SENS, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\sens.dll" [MS]} Systemwiederherstellungsdienst, srservice, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\srsvc.dll" [MS]} Taskplaner, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]} TCP/IP-NetBIOS-Hilfsprogramm, LmHosts, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]} Telefonie, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]} Terminaldienste, TermService, "C:\WINDOWS\System32\svchost -k DComLaunch" {"C:\WINDOWS\System32\termsrv.dll" [MS]} TuneUp Designerweiterung, UxTuneUp, 
"C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]} Verwaltung logischer Datenträger, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" [MS]} Webclient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [MS]} Windows Audio, AudioSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\audiosrv.dll" [MS]} Windows Firewall/Internet Connection Sharing (ICS), SharedAccess, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipnathlp.dll" [MS]} Windows-Verwaltungsinstrumentation, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]} Windows-Zeitgeber, W32Time, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\w32time.dll" [MS]} Überwachung verteilter Verknüpfungen (Client), TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]} Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = "kbdclass" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ BJ Language Monitor\Driver = "cnbjmon.dll" [MS] Local Port\Driver = "localspl.dll" [MS] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] PJL Language Monitor\Driver = "pjlmon.dll" [MS] Standard TCP/IP Port\Driver = "tcpmon.dll" [MS] USB Monitor\Driver = "usbmon.dll" [MS] -- (total run time: 49 seconds) <<!>>: Suspicious data at a malware launch point.