vundo - troj/agent-DJ lässt sich nich entfernen

#16 "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus DX4200 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"!AVG Anti-Spyware" = ""C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{D0CE97A0-415B-42E9-B251-34393AF2D5F6}" = "OmniPass Shell Extension"
-> {HKLM...CLSID} = "Softex OmniPass Encrypted File"
\InProcServer32\(Default) = "C:\Apps\Softex\OmniPass\opfolderext.dll" ["Softex Inc."]
"{D5B1944E-DB4E-482E-B3F1-DB05827F0978}" = "OmniPass ShellNameSpace Extension"
-> {HKLM...CLSID} = "Softex OmniPass Encrypted Folder"
\InProcServer32\(Default) = "C:\Apps\Softex\OmniPass\opfolderext.dll" ["Softex Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Outlook"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
-> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}" = "Trend Micro Anti-Spyware Shell Extension"
-> {HKLM...CLSID} = "Trend Micro Anti-Spyware Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Trend Micro\Tmas\sshook.dll" ["Trend Micro Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> OPXPGina\DLLName = "C:\Apps\Softex\OmniPass\opxpgina.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
OPShellExt\(Default) = "{D0CE97A0-415B-42E9-B251-34393AF2D5F6}"
-> {HKLM...CLSID} = "Softex OmniPass Encrypted File"
\InProcServer32\(Default) = "C:\Apps\Softex\OmniPass\opfolderext.dll" ["Softex Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
OPShellExt\(Default) = "{D0CE97A0-415B-42E9-B251-34393AF2D5F6}"
-> {HKLM...CLSID} = "Softex OmniPass Encrypted File"
\InProcServer32\(Default) = "C:\Apps\Softex\OmniPass\opfolderext.dll" ["Softex Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoCDBurning" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Dokumente und Einstellungen\Kurando\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\SCREEN~1.SCR" [file not found]


Startup items in "Kurando" & "All Users" startup folders:
---------------------------------------------------------

D:\Dokumente und Einstellungen\Kurando\Startmenü\Programme\Autostart
"Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe" [empty string]

so sorry so müsstes stimmn

#17 Start - Ausführen - regedit
klicke dich durch in der registry zu diesem Schluessel:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

klicke oben links auf Export

dann speichere die datei, die erscheint als reg.txt ab und posten den text
__________
MfG Sabina

rund um die PC-Sicherheit

#18 Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]


nur das aber ich glaub ich hab kapiert wo ich mist gebaut hab hatte mal in der reg ausversehen den explorer ordner gelöst ~~~ kriegt man das wieder hin?

#19 geloescht ????????????
wie denn das ? du hast doch nur eine txt-Datei erstellt....
oder hast du allein in der Registry was gemacht, ohne dass ich es angewiesen hatte ?


navegiere zu: und schreibe ab.. was du findest

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
__________
MfG Sabina

rund um die PC-Sicherheit

#20 jo ich hatte den ganzen ordner in der reg ausversehen gelöscht weil der thread im meinem txt dokument (als ich selbst versucht hatte) abgekappt war und dann naja bei explorer endete ... rest kannst du dir denken alles wa weg

Ich finde nur noch den run ordner mehr is da nich^^"

sorry wegen der späten antwort

#21 so richtig verstehe ich nicht, was du geloescht hast, also welchen Schluessel genau.
wenn du es mir genau erklaerst, schaue ich auf meinem Rechner nach und erstelle dir eine reg. die man dann in deine Registry importieren, also wieder neu erstellen kann
__________
MfG Sabina

rund um die PC-Sicherheit

#22 im prinzip ist alles nach explorer/ weg bis auf den ordner run der hat sich selbst wieder erstellt ... sehr dumme sache ich weiss^^
soll ich die ganzen backup dateien von avenger und so eigentlich löschen?
und danke für deine hilfe

#23 das ist kein problem, wie es auschaut -oder funktioniert irgenwas nicht?
__________
MfG Sabina

rund um die PC-Sicherheit

#24 jo zb kann ich start/programme nicht mer aufrufen also diese leiste die kommt wenn man im startmenü auf programme klickt und im arbeitsplatz gibt es die ordner "eigene dateien" und "gemeinsame dateien" nicht mehr komme nur noch über D:/dokumente und einstellungen bla bla bla da drauf... und so kleinigkeiten wie zb mein brennprogramm record now is futsch...ich meine ich kann auch versuchen alles mit meiner master cd zu machen wenn es da die funktion reparieren gibt aber dann muss ich die erstmal finden was is mir den backup dateien kann ich die löschen?

#25 poste das neue log vom silentrunner
(die backups vom avenger kannst du loeschen)
__________
MfG Sabina

rund um die PC-Sicherheit

#26 irgendwie funktioniert silentrunner nich kriege ne fehlermeldung...ungültiger prozess aufruf oderso...was nu?

#27 funktioniert winpfind ?
http://virus-protect.org/winpfind.html
__________
MfG Sabina

rund um die PC-Sicherheit

#28 Checking %SystemDrive% folder...
WSUD 09.09.2006 20:24:06 137281536 C:\CD.bin ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 01.09.2004 15:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll (The Public)
PEC2 04.08.2004 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PECompact2 08.12.2006 00:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 08.12.2006 00:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 04.08.2004 14:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 04.08.2004 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 04.08.2004 14:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 27.04.2006 16:49:00 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 29.08.2006 18:43:00 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 09.01.2006 09:36:00 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
UPX! 01.12.2006 05:20:00 79360 C:\WINDOWS\SYSTEM32\swxcacls.exe (SteelWerX)
winsync 04.08.2004 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
26.12.2006 13:17:58 S 2048 C:\WINDOWS\bootstat.dat ()
25.12.2006 21:12:22 H 54156 C:\WINDOWS\QTFont.qfn ()
08.12.2006 03:11:16 S 9090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
08.11.2006 06:24:00 S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
18.11.2006 07:02:36 S 22261 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925454.cat ()
26.12.2006 13:19:30 H 1024 C:\WINDOWS\system32\config\default.LOG ()
26.12.2006 13:18:26 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
26.12.2006 13:19:20 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
26.12.2006 14:26:48 H 1024 C:\WINDOWS\system32\config\software.LOG ()
26.12.2006 13:19:42 H 1024 C:\WINDOWS\system32\config\system.LOG ()
16.12.2006 00:14:14 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
23.11.2006 03:01:14 S 558 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD ()
21.12.2006 14:52:18 S 1039 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
23.11.2006 03:01:14 S 146 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD ()
21.12.2006 14:52:18 S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 ()
05.12.2006 13:46:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\063ed354-eec3-46c9-bd4e-77e85de1736b ()
05.12.2006 13:46:24 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
28.11.2006 16:59:46 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\382e7b6c-a050-4e05-b3cf-fe0e7a56ea7a ()
28.11.2006 16:59:46 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
26.12.2006 13:18:08 H 6 C:\WINDOWS\Tasks\SA.DAT ()
16.12.2006 14:29:38 HS 0 C:\WINDOWS\Temp\x00eqd9k.TMP ()

Checking for CPL files...
04.08.2004 14:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
21.06.2005 14:12:58 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
04.08.2004 14:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
04.08.2004 14:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
04.08.2004 14:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
04.08.2004 14:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
04.08.2004 14:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
04.08.2004 14:00:00 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
04.08.2004 14:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
04.08.2004 14:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
04.08.2004 14:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
04.03.2005 03:36:44 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
04.08.2004 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
04.08.2004 14:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
04.08.2004 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
04.08.2004 14:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
04.08.2004 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
10.10.2005 20:49:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
04.08.2004 14:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
04.08.2004 14:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
26.05.2005 13:14:48 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL (Realtek Semiconductor Corp.)
12.08.2005 17:01:16 65536 C:\WINDOWS\SYSTEM32\scurecpl.cpl (Softex, Inc)
04.08.2004 14:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
04.08.2004 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
04.08.2004 14:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
04.08.2004 14:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
04.09.2006 13:08:28 1780 D:\plugins\BotCheck_NoSubs.def ()
04.09.2006 13:05:22 1899 D:\plugins\BotCheck_Subs.def ()
01.08.2006 16:19:46 76 D:\plugins\Exe_Test.def ()
13.08.2006 13:13:10 1126 D:\plugins\FileAssoc.def ()
28.06.2006 16:48:16 80 D:\plugins\HKCU_IEDesktop.def ()
24.07.2006 16:15:50 40 D:\plugins\Jobs.def ()
12.07.2006 21:20:26 173 D:\plugins\Policies.def ()
22.06.2006 21:09:42 308 D:\plugins\Security.def ()
08.07.2006 09:45:24 79 D:\plugins\ShellState.def ()
03.09.2006 09:34:44 328 D:\plugins\SID_Run_Policies.def ()
31.07.2006 05:34:22 291 D:\plugins\Svc_Tcpip.def ()
08.07.2006 09:25:38 82 D:\plugins\SvcHost_Check.def ()
26.06.2006 05:26:44 407 D:\plugins\SystemRestore.def ()
UPX! 01.08.2006 15:59:50 147968 D:\plugins\wpf2def.exe ()
22.07.2006 10:14:48 228 D:\plugins\ZoneMap.def ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12.08.2004 02:56:50 HS 62 D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
12.08.2004 03:06:42 HS 84 D:\Dokumente und Einstellungen\Kurando\Startmenü\Programme\Autostart\desktop.ini ()
26.02.2006 20:09:16 1593 D:\Dokumente und Einstellungen\Kurando\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
12.08.2004 02:56:50 HS 62 D:\Dokumente und Einstellungen\Kurando\Anwendungsdaten\desktop.ini ()
11.11.2006 20:40:28 66384 D:\Dokumente und Einstellungen\Kurando\Anwendungsdaten\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.internetcologne.de
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.internetcologne.de
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - about:blank
\\Search Bar - http://google.icq.com/search/search_frame.php
\\Search Page - http://google.icq.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar = C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Sucheingriff = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page = C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
\\{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar = C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
\\{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus = C:\Programme\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Norton Internet Security = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - = ()
\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page = C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQ Toolbar = C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
\WebBrowser\\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - Protection Bar = C:\Programme\Video ActiveX Object\iesplugin.dll ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Konsole
\\NEXTID - 8197
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8195 = Windows Messenger
\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8196 = ICQ Lite

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Konsole = C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll (Sun Microsystems, Inc.)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherchieren =
\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - CPL-Erweiterung für Anzeigeverschiebung = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Erweiterung für HyperTerminal-Icons = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll ()
\\{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} - OmniPass Shell Extension = ()
\\{D0CE97A0-415B-42E9-B251-34393AF2D5F6} - OmniPass Shell Extension = C:\Apps\Softex\OmniPass\opfolderext.dll (Softex Inc.)
\\{D5B1944E-DB4E-482E-B3F1-DB05827F0978} - OmniPass ShellNameSpace Extension = C:\Apps\Softex\OmniPass\opfolderext.dll (Softex Inc.)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Programme\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = C:\Apps\RecordNow\shlext.dll ()
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll ()
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Programme\7-Zip\7-zipn.dll ()
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programme\WinRAR\rarext.dll ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Programme\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - Trend Micro Anti-Spyware Shell Extension = C:\Programme\Trend Micro\Tmas\sshook.dll (Trend Micro Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Programme\7-Zip\7-zipn.dll ()
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\OPShellExt - {D0CE97A0-415B-42E9-B251-34393AF2D5F6} = C:\Apps\Softex\OmniPass\opfolderext.dll (Softex Inc.)
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Programme\7-Zip\7-zipn.dll ()
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\OPShellExt - {D0CE97A0-415B-42E9-B251-34393AF2D5F6} = C:\Apps\Softex\OmniPass\opfolderext.dll (Softex Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll ()
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programme\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
!AVG Anti-Spyware - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
TkBellExe - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
EPSON Stylus DX4200 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
D:\Dokumente und Einstellungen\Kurando\Anwendungsdaten\desktop.ini ()
D:\Dokumente und Einstellungen\Kurando\Anwendungsdaten\GDIPFONTCACHEV1.DAT ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
D:\Dokumente und Einstellungen\Kurando\Startmenü\Programme\Autostart\desktop.ini ()
D:\Dokumente und Einstellungen\Kurando\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk - C:\Programme\Siemens\Gigaset USB Stick 108\Gcc.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{04C3FA1F-BD96-4C76-B826-2A57C55DA501} - (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C))
{26004721-6783-4F92-B5FC-BC809BEA6DF9} - (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C))
{34FBDA2D-32D5-4BE2-BC8D-D2978A6358FA} - (Gigaset USB Stick 108)
{3A9555A6-D6CB-4AD0-B060-8C9966D606FD} - ()
{61E8DCC8-CB62-44ED-922B-D1AED658E4A2} - ()
{80CAE6DB-4467-4C55-AF45-33941E66B5DE} - (1394-Netzwerkadapter)
{91B565C9-9689-40CE-93B7-C3709D052322} - (Gigaset USB Adapter 54)
{938632FB-7189-4711-B548-657E9ED36109} - (Realtek RTL8139/810x Family Fast Ethernet NIC)
{B3DBA55C-CE96-4113-87D6-A48CD3ED33B6} - (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.C))
{D5E21CBB-9C59-4416-AD22-08A335487388} - ()
{E8F40DEC-10DF-4764-80B9-27A4368AA3FA} - (Gigaset USB Stick 108)
{F4449CD9-625B-4EE2-B52E-1180AF1FDE1B} - (Gigaset USB Stick 108)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000004\\LibraryPath - %SystemRoot%\system32\wshbth.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000032\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000033\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000034\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

hier is das ding ^^

#29 ich weiss auch nicht, wie wir das wieder hingebogen bekommen, da ich nicht genau weiss, was du nun eigentlich geloscht hast.
ist die Systemwiederherstellung aktiviert ???
__________
MfG Sabina

rund um die PC-Sicherheit

#30 negativ.......jedenfalls vielen dank für den tollen support ich glaube ich mach das mit der backup cd und installiere alles neu...^^ bis dann tschööö