Unwanted redirect in Opera, FF and IE ...

#0
29.12.2006, 21:22
Member

Posts: 19
#1 OK, I have a problem.

Starting situation

I use opera@usb as my default browser, along with Windows XP Home SP2 with all updates, a Siemens SE515 router that I am connected to via WLAN, and Grisoft free AVG as the resident scanner.

In the Opera browser I have set it to reopen the most recently visited websites when the browser starts (save session).

In this example there are two tabs that have to be reopened,
www.spiegel.de and www.google.de

Problem:

Actually there are three problems, but they are all somehow connected.

1. When I start my browser, I cannot open some websites. Instead of landing on:
http://www.google.de
the browser opens something that looks like:
http://www.spiegel.de/http://google.de
However, the address bar shows only the correct address, google.de.
www.spiegel.de itself, on the other hand, works perfectly.
If I then try google.com as an alternative, that works without problems.
If I then use IE or FF and try to open google.de, I get the same error.

The unusual thing is that after about 15 minutes this spook is over again. Then I can keep surfing normally with any browser. After several hours, or a system restart, the error occurs again.

2. The same error as above, except that it does not occur when the browser starts but at some point in the middle of a session, on pages that I was still able to visit 10 minutes earlier. Here too, everything seems to be fine again after about 15 minutes.

3. The redirect is somewhat different here. Here I am redirected to a completely unrelated website, which, however, is on the same server as my intended destination. And here too, after 15 minutes I can keep surfing normally.

What I have done so far.

1. HijackThis (I also renamed hijackthis.exe to spotting.com and the log to spotting.txt, with no different results)

Here is the logfile

Code

Logfile of HijackThis v1.99.1
Scan saved at 14:08:09, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\DAEMON Tools\daemon.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
C:\Opera\op.com
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\backup\ProgZ\HijackThis2.com

O4 - HKLM\..\Run: [DAEMON Tools] "d:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Apart from this entry my logfile is clean. What does it stand for, and how do I get it out of there?
O18 - Filter hijack: text/xml - (no CLSID) - (no file)

Then I also scanned with these programs:

Grisoft free avg 7.5 - no malware
mwav (escan) - no malware
spybot sd - no malware
adaware - no malware


If you need more information, just say so.

I hope you have an idea and can help me.

Regards, spotting
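
Added example, not part of the original posts: a small Python parser for HijackThis entry lines that decodes O18 entries such as the one asked about above and marks registrations that have no CLSID or file behind them. It also handles the "Protocol" form of O18, which goes beyond the single "Filter" entry in this log. The function names `parse_entries` and `review_o18` are hypothetical, the sample lines are copied from the log in post #1, and the registry locations in `PROTOCOLS_KEY` are an assumption about where these handlers are registered.

```python
import re

# Constructed sample: four entry lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# An entry line has the shape "<group code> - <body>", e.g. "O18 - Filter hijack: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# O18 body: "<Protocol|Filter>[ hijack]: <name> - <CLSID> - <file>"
O18_RE = re.compile(r"^(Protocol|Filter)( hijack)?: (\S+) - (.+?) - (.+)$")

# Assumption: registry locations of pluggable protocol handlers and MIME filters.
PROTOCOLS_KEY = {
    "Protocol": r"HKLM\SOFTWARE\Classes\PROTOCOLS\Handler",
    "Filter": r"HKLM\SOFTWARE\Classes\PROTOCOLS\Filter",
}


def parse_entries(log_text):
    """Return every 'code - body' entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def review_o18(entries):
    """Decode O18 entries and mark those whose CLSID or file is missing."""
    findings = []
    for entry in entries:
        if entry["code"] != "O18":
            continue
        m = O18_RE.match(entry["body"])
        if not m:
            continue
        kind, hijack, name, clsid, path = m.groups()
        findings.append({
            "kind": kind,
            "name": name,
            "clsid": clsid,
            "file": path,
            "flagged_as_hijack": hijack is not None,
            # No CLSID or no file: the registration exists but nothing is behind it.
            "dangling": clsid == "(no CLSID)" or path == "(no file)",
            # Where to look in the registry before deciding to fix the entry.
            "registry_key": PROTOCOLS_KEY[kind] + "\\" + name,
        })
    return findings


if __name__ == "__main__":
    for f in review_o18(parse_entries(SAMPLE_LOG)):
        state = "dangling registration, no file behind it" if f["dangling"] else f["file"]
        print(f'{f["kind"]} {f["name"]}: {state}')
        print("  inspect:", f["registry_key"])
```
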
30.12.2006, 13:40
Honorary member
Sabina

Posts: 29434
#2 spotting

««
Please post this log here
http://virus-protect.org/silentrunner.html

««
Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

««
Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

All about PC security
30.12.2006, 22:49
Member

Thread starter

Posts: 19
#3 Thanks

Would you like the logs as "code" or as normal forum text?
Well, personally I prefer code; otherwise I will edit my posts.

First of all the VB script

Code

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools" = ""d:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"AVG7_CC" = "D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "D:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                   \InProcServer32\(Default) = "D:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Eigene Telefone"
  -> {HKLM...CLSID} = "Eigene Telefone"
                   \InProcServer32\(Default) = "D:\Sony\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
  -> {HKLM...CLSID} = "dBpShell Class"
                   \InProcServer32\(Default) = "D:\Programme\Illustrate\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
  -> {HKLM...CLSID} = "dMCIShell Class"
                   \InProcServer32\(Default) = "D:\Programme\Illustrate\dBpowerAMP\dMCShell.dll" [empty string]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
  -> {HKLM...CLSID} = "Desktop Manager"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
  -> {HKLM...CLSID} = "Haali Column Provider"
                   \InProcServer32\(Default) = "D:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
  -> {HKLM...CLSID} = "dBpShell Class"
                   \InProcServer32\(Default) = "D:\Programme\Illustrate\dBpowerAMP\dBShell.dll" [empty string]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "D:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
digestIT 2004\(Default) = "{21EA22EF-1773-11D8-8EB8-0050BF643EE7}"
  -> {HKLM...CLSID} = "digestITShell Class"
                   \InProcServer32\(Default) = "D:\Programme\digestIT 2004\digestIT.dll" ["Kenneth Ballard"]
MyPhoneExplorer\(Default) = "{2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E}"
  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
                   \InProcServer32\(Default) = "D:\Programme\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                   \InProcServer32\(Default) = "D:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
                   \InProcServer32\(Default) = "D:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "D:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001
{Remove Shared Documents from My Computer}

"NoInternetIcon" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo " = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoUserNameInStartMenu" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoSMHelp" = (REG_DWORD) hex:0x00000001
{Remove Help menu from Start Menu}

"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"CDRAutoRun" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) hex:0x00000001
{Don't save settings at exit}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoActiveDesktopChanges" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

"DisableStatusMessages" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"VerboseStatus" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\spot\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "spot" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Then, CleanUp wants a restart, but that is not possible at the moment because of a 3.7 GB Linux download ... I will do that later.

However, an error occurs when running datfindbat.
I saved the batch file in c:\ and when I run it, it creates a logfile of my d:\ partition 6 times.

I will edit that in here after a system restart in 5 or 6 hours (so tomorrow).

So, here are the results from datfindbat now.

Code

Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\DOKUME~1\spot\LOKALE~1\Temp

Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\WINDOWS\system32

31.12.2006  10:53            17.145 nvapps.xml
31.12.2006  08:41           401.240 perfh009.dat
31.12.2006  08:41            62.518 perfc009.dat
31.12.2006  08:41           415.820 perfh007.dat
31.12.2006  08:41            75.228 perfc007.dat
31.12.2006  08:41           967.032 PerfStringBackup.INI
31.12.2006  08:36             2.278 wpa.dbl
29.12.2006  14:40                 0 asfiles.txt
29.12.2006  14:37             2.550 Uninstall.ico
29.12.2006  14:37             1.406 Help.ico
29.12.2006  14:37            30.590 pavas.ico
08.12.2006  00:13        10.716.584 MRT.exe
07.12.2006  06:29         2.374.472 wmvcore.dll
17.11.2006  18:54         1.040.384 ieframe.dll.mui
17.11.2006  18:53            12.288 advpack.dll.mui
08.11.2006  06:06           679.424 inetcomm.dll
07.11.2006  21:03           458.752 msfeeds.dll
07.11.2006  21:03           156.160 msls31.dll
07.11.2006  21:03         6.049.280 ieframe.dll
07.11.2006  21:03           180.736 ieui.dll
07.11.2006  21:03           131.584 extmgr.dll
07.11.2006  21:03           818.688 wininet.dll
07.11.2006  21:03           475.648 mshtmled.dll
07.11.2006  21:03           670.720 mstime.dll
07.11.2006  21:03           231.424 webcheck.dll
07.11.2006  21:03           191.488 iepeers.dll
07.11.2006  21:03         3.577.856 mshtml.dll
07.11.2006  21:03            27.136 jsproxy.dll
07.11.2006  21:03         1.162.240 urlmon.dll
07.11.2006  21:03           413.696 vbscript.dll
07.11.2006  21:03            50.688 msfeedsbs.dll
07.11.2006  03:27           382.976 iedkcs32.dll
07.11.2006  03:27           229.376 ieaksie.dll
07.11.2006  03:26           152.064 ieakeng.dll
07.11.2006  03:26            71.680 admparse.dll
07.11.2006  03:26            55.296 iesetup.dll
07.11.2006  03:26            13.312 ieudinit.exe
07.11.2006  03:26            43.008 iernonce.dll
07.11.2006  03:26            54.784 ie4uinit.exe
07.11.2006  03:26           123.904 advpack.dll
07.11.2006  03:26            92.672 inseng.dll
07.11.2006  03:25           161.792 ieakui.dll
07.11.2006  03:24            56.483 ieuinit.inf
04.11.2006  14:14         1.245.696 msxml4.dll
20.10.2006  02:38           715.776 sxs.dll
18.10.2006  19:58            34.308 BASSMOD.dll
17.10.2006  12:06           443.904 html.iec
17.10.2006  12:06            78.336 ieencode.dll
17.10.2006  12:05           206.336 WinFXDocObj.exe
17.10.2006  12:05         1.817.088 inetcpl.cpl
17.10.2006  12:05           105.984 url.dll
17.10.2006  12:05            40.960 licmgr10.dll
17.10.2006  12:05           192.000 msrating.dll
17.10.2006  12:04           101.376 occache.dll
17.10.2006  12:03            17.408 corpol.dll
17.10.2006  12:00           491.520 jscript.dll
17.10.2006  11:58            12.288 msfeedssync.exe
17.10.2006  11:58            61.952 icardie.dll
17.10.2006  11:58            44.544 pngfilt.dll
17.10.2006  11:58           346.624 dxtmsft.dll
17.10.2006  11:57            36.352 imgutil.dll
17.10.2006  11:57           214.528 dxtrans.dll
17.10.2006  11:57           266.752 iertutil.dll
17.10.2006  11:56            45.568 mshta.exe
17.10.2006  11:55            66.560 tdc.ocx
17.10.2006  11:28            48.128 mshtmler.dll
17.10.2006  11:27           380.928 ieapfltr.dll
17.10.2006  11:19         1.383.424 mshtml.tlb
16.10.2006  22:17         5.623.808 nvdisps.dll
16.10.2006  22:17         5.242.880 nvdispsr.dll
16.10.2006  22:17         3.006.464 nvvitvsr.dll
16.10.2006  22:17         3.067.904 nvgames.dll
16.10.2006  22:17         2.924.544 nvvitvs.dll
16.10.2006  22:17         3.207.168 nvgamesr.dll
16.10.2006  22:17         2.048.000 nvwss.dll
16.10.2006  22:17         2.854.912 nvmoblsr.dll
16.10.2006  22:17           188.416 nvmccss.dll
16.10.2006  22:17           458.752 nvmccssr.dll
16.10.2006  22:17           888.832 nvmobls.dll
16.10.2006  22:17         2.465.792 nvwssr.dll
16.10.2006  12:19           270.336 xpsp3res.dll
13.10.2006  13:35           146.432 nwprovau.dll
n Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\WINDOWS

31.12.2006  08:37                 0 0.log
31.12.2006  08:37         1.582.971 WindowsUpdate.log
31.12.2006  08:36             2.048 bootstat.dat
31.12.2006  06:56            18.954 SchedLgU.Txt
31.12.2006  06:56               216 wiadebug.log
30.12.2006  13:14                50 wiaservc.log
29.12.2006  23:47             8.934 setupapi.log
29.12.2006  14:40               865 win.ini
29.12.2006  03:58                 0 setuperr.log
28.12.2006  17:15                 0 Sti_Trace.log
28.12.2006  14:03               116 NeroDigital.ini
25.12.2006  14:19         2.359.350 bsetroot.bmp
23.12.2006  21:16             4.039 mozver.dat
21.12.2006  18:44               327 system.ini
02.12.2006  08:40               140 CMMIXER.INI
25.10.2006  22:59           737.280 iun6002.exe (jotti says no malware)
10.10.2006  17:48                26 Lic.xxx
07.10.2006  20:57                23 BlendSettings.ini

Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\WINDOWS\temp

Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\WINDOWS\Downloaded Program Files

Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\

31.12.2006  12:15                 0 sys.txt
31.12.2006  12:15             1.177 down.txt
31.12.2006  12:15               111 tmp.txt
31.12.2006  12:15             4.682 system.txt
31.12.2006  12:15               126 systemtemp.txt
31.12.2006  12:15           108.048 system32.txt
31.12.2006  08:36     1.610.612.736 pagefile.sys
30.12.2006  00:19               212 boot.ini
29.12.2006  18:30             2.610 ipconfig.txt
22.12.2006  19:26         3.067.482 TVUPlayer.zip
10.10.2006  20:37                 2 AVPCallback.log
04.10.2006  09:23               668 datFind.bat

I hope you find something there, because I would rather have certainty and reinstall Windows than be left not knowing whether the error will come back despite formatting.

Regards and a happy new year

spotting
This post was edited by spotting on 31.12.2006 at 12:26.
31.12.2006, 14:04
Honorary member
Sabina

Posts: 29434
#4 You can clearly see that changes were made in the registry.
See:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

Let's see whether we can find what is causing it (after that we will change the entries in the registry....)

1.
http://virus-protect.org/artikel/tools/fixwareout.html
Post the report

2.
Post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina

All about PC security
31.12.2006, 15:45
Member

Thread starter

Posts: 19
#5 Yeah, I made a few changes there,
e.g. www.ntsvcfg.de
Then some Windows folders were moved to another partition
(d:\programme and d:\desktop)
Then I patched uxtheme.dll (but the error also occurs with the classic theme with the themes service disabled, and in a new user account)
And then a few more tweaks were set
(via nLite, already during installation)

Apart from that I have not changed anything there... I think.

These are the logs you want.

Code

Fixwareout 
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

...
...
Reg Entries that were deleted
...

Random Runs removed from HKLM
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

...

Code

spot - 06-12-31 15:43:36,34    Service Pack 2
ComboFix 06.11.27 - Running from: "D:\Desktop-spot"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com


(((((((((((((((((((((((((((((((   Files Created from 2006-11-31 to 2006-12-31  ))))))))))))))))))))))))))))))))))


2006-12-31    15:41    <DIR>    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\Ahead
2006-12-31    15:36    <DIR>    d--------    C:\fixwareout
2006-12-30    22:46    668    --a------    C:\datFind.bat
2006-12-29    21:06    <DIR>    d--------    C:\WINDOWS\system32\NtmsData
2006-12-29    14:37    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2006-12-28    15:42    <DIR>    d--------    C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
2006-12-28    14:33    3,968    --a------    C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-28    14:33    18,240    --a------    C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-28    10:45    <DIR>    dr-h-----    C:\Dokumente und Einstellungen\spot\Recent
2006-12-27    14:20    1,300    --a------    C:\WINDOWS\system32\cool.dll
2006-12-25    20:43    <DIR>    d--------    C:\Powertoys
2006-12-22    22:57    <DIR>    d--------    C:\portable_firefox_2
2006-12-22    16:26    <DIR>    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\IrfanView
2006-12-18    21:38    <DIR>    d--------    C:\Dokumente und Einstellungen\spot\.dvdcss
2006-12-16    02:59    <DIR>    d--------    C:\firefox2
2006-12-13    19:30    <DIR>    d--------    C:\Opera
2006-12-02    09:14    <DIR>    d--------    C:\WINDOWS\WBEM
2006-12-02    09:14    <DIR>    d--------    C:\WINDOWS\system32\de-de
2006-12-02    09:13    <DIR>    d--h-c---    C:\WINDOWS\ie7
2006-12-02    09:12    121,856    ---------    C:\WINDOWS\system32\xmllite.dll
2006-12-02    09:12    <DIR>    d--------    C:\WINDOWS\network diagnostic


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-31 15:44    1878    --a------    C:\ComboFix.txt
2006-12-31 15:44    1878    --a------    C:\ComboFix.txt
2006-12-31 14:24    --------    d--------    C:\WINDOWS
2006-12-31 14:24    --------    d--------    C:\WINDOWS
2006-12-31 12:15    4682    --a------    C:\system.txt
2006-12-31 12:15    4682    --a------    C:\system.txt
2006-12-31 12:15    1568    --a------    C:\sys.txt
2006-12-31 12:15    1568    --a------    C:\sys.txt
2006-12-31 12:15    126    --a------    C:\systemtemp.txt
2006-12-31 12:15    126    --a------    C:\systemtemp.txt
2006-12-31 12:15    1177    --a------    C:\down.txt
2006-12-31 12:15    1177    --a------    C:\down.txt
2006-12-31 12:15    111    --a------    C:\tmp.txt
2006-12-31 12:15    111    --a------    C:\tmp.txt
2006-12-31 12:15    108048    --a------    C:\system32.txt
2006-12-31 12:15    108048    --a------    C:\system32.txt
2006-12-31 06:56    --------    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\Free Download Manager
2006-12-30 11:37    --------    d--------    C:\Downloads
2006-12-30 11:37    --------    d--------    C:\Downloads
2006-12-30 04:58    --------    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\Macromedia
2006-12-30 00:19    212    ---hs----    C:\boot.ini
2006-12-30 00:19    212    ---hs----    C:\boot.ini
2006-12-29 18:30    2610    --a------    C:\ipconfig.txt
2006-12-29 18:30    2610    --a------    C:\ipconfig.txt
2006-12-28 14:35    --------    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\AVG7
2006-12-28 14:33    816672    --a------    C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-28 14:33    4224    --a------    C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-28 14:33    28416    --a------    C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-28 00:32    --------    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\FrostWire
2006-12-22 19:26    3067482    --a------    C:\TVUPlayer.zip
2006-12-22 19:26    3067482    --a------    C:\TVUPlayer.zip
2006-12-22 16:21    --------    d---s----    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\Microsoft
2006-12-22 16:21    --------    d--------    C:\Dokumente und Einstellungen
2006-12-22 16:21    --------    d--------    C:\Dokumente und Einstellungen
2006-12-17 14:06    --------    d--hs----    C:\System Volume Information
2006-12-17 14:06    --------    d--hs----    C:\System Volume Information
2006-12-07 06:29    2374472    --a------    C:\WINDOWS\system32\wmvcore.dll
2006-11-23 07:36    --------    d--------    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\Media Player Classic
2006-11-08 06:06    679424    --a------    C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03    6049280    ---------    C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03    50688    ---------    C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03    458752    ---------    C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03    413696    --a------    C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03    231424    --a------    C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03    180736    ---------    C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03    156160    --a------    C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27    382976    --a------    C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27    229376    --a------    C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26    71680    --a------    C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26    55296    --a------    C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26    54784    --a------    C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26    43008    --a------    C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26    152064    --a------    C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26    13312    --a------    C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26    123904    --a------    C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25    161792    --a------    C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14    1245696    --a------    C:\WINDOWS\system32\msxml4.dll
2006-10-25 22:59    737280    --a------    C:\WINDOWS\iun6002.exe
2006-10-20 02:38    715776    --a------    C:\WINDOWS\system32\sxs.dll
2006-10-18 19:58    34308    --a------    C:\WINDOWS\system32\BASSMOD.dll
2006-10-17 12:06    78336    --a------    C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05    40960    --a------    C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05    206336    ---------    C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05    105984    --a------    C:\WINDOWS\system32\url.dll
2006-10-17 12:04    101376    --a------    C:\WINDOWS\system32\occache.dll
2006-10-17 12:03    17408    --a------    C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58    61952    ---------    C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58    12288    ---------    C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57    36352    --a------    C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57    266752    ---------    C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56    45568    --a------    C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28    48128    --a------    C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27    380928    ---------    C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 22:17    888832    --a------    C:\WINDOWS\system32\nvmobls.dll
2006-10-16 22:17    5623808    --a------    C:\WINDOWS\system32\nvdisps.dll
2006-10-16 22:17    5242880    --a------    C:\WINDOWS\system32\nvdispsr.dll
2006-10-16 22:17    458752    --a------    C:\WINDOWS\system32\nvmccssr.dll
2006-10-16 22:17    3207168    --a------    C:\WINDOWS\system32\nvgamesr.dll
2006-10-16 22:17    3067904    --a------    C:\WINDOWS\system32\nvgames.dll
2006-10-16 22:17    3006464    --a------    C:\WINDOWS\system32\nvvitvsr.dll
2006-10-16 22:17    2924544    --a------    C:\WINDOWS\system32\nvvitvs.dll
2006-10-16 22:17    2854912    --a------    C:\WINDOWS\system32\nvmoblsr.dll
2006-10-16 22:17    2465792    --a------    C:\WINDOWS\system32\nvwssr.dll
2006-10-16 22:17    2048000    --a------    C:\WINDOWS\system32\nvwss.dll
2006-10-16 22:17    188416    --a------    C:\WINDOWS\system32\nvmccss.dll
2006-10-13 13:35    146432    --a------    C:\WINDOWS\system32\nwprovau.dll
2006-10-10 20:37    2    --a------    C:\AVPCallback.log
2006-10-10 20:37    2    --a------    C:\AVPCallback.log
2006-09-06 17:08    40    ---hs----    C:\Dokumente und Einstellungen\spot\Anwendungsdaten\.zreglib


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"=""D:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools"=""d:\\Programme\\DAEMON Tools\\daemon.exe" -lang 1033"
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"C-Media Mixer"="Mixer.exe /startup"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,b5,00,00,00,80,00,00,00,76,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000fd
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"CDRAutoRun"=dword:00000000
"NoSaveSettings"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableStatusMessages"=dword:00000000
"VerboseStatus"=dword:00000001
"DisableTaskMgr"=dword:00000000
"NoInternetOpenWith"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000001
"NoDriveTypeAutoRun"=hex:b5,00,00,00
"ForceClassicControlPanel"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000
"NoResolveTrack"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="D:\\PROGRA~1\\common\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"=""D:\\Programme\\common\\InstallShield\\UpdateService\\issch.exe" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC8Player]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VC8Play"
"hkey"="HKLM"
"command"="D:\\Programme\\Virtual CD v8\\System\\VC8Play.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=dword:00000003
"ose"=dword:00000003
"TUWinStylerThemeSvc"=dword:00000003
"VC8SecS"=dword:00000002
"StarWindService"=dword:00000002
"OOD2000"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]    
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061230-161213-252
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
Completion time: 06-12-31 15:44:22.64
C:\ComboFix.txt ... 06-12-31 15:44
I'm seeing these logs for the first time, so I can't make anything more of them.
I hope it's different for you.

Regards, spotting
This post was edited by spotting on 31.12.2006 at 15:50.
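The RunOnce values "nlsf" and "tscuninstall" in the "Reg Loading Points" section of the log above are stored as hex(2) (REG_EXPAND_SZ) byte lists, so the command they would run cannot be read directly from the log. The following Python sketch is an added example, not part of the original thread; its function names are illustrative, and the sample text is copied from the log above.

```python
import re

# Excerpt copied from the "Reg Loading Points" section of the log above.
SAMPLE = r'''
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
  53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
  65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
  79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b5,00,00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
HEX_RE = re.compile(
    r'^"(?P<name>[^"]*)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>[0-9a-fA-F,\s]*)$')
STR_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
# Keys whose values are executed at logon: ...\Run, ...\RunOnce, ...\RunOnceEx
AUTOSTART_RE = re.compile(r'\\run(once(ex)?)?$', re.I)
STRING_TYPES = {1, 2, 7}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ


def logical_lines(text):
    """Join regedit-style continuation lines (a hex list ending in ',\\')."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith(",\\"):
            buf = line[:-1]          # drop the backslash, keep the comma
            continue
        buf = ""
        if line:
            yield line
    if buf:                          # log was cut off inside a value
        yield buf


def decode_value(regtype, data):
    """Turn the raw bytes of a registry value into readable text."""
    if regtype not in STRING_TYPES:
        return data.hex(" ")         # REG_BINARY and others: show the bytes
    # Heuristic: version-5 exports use UTF-16LE, REGEDIT4-style dumps (as in
    # this log) use the ANSI code page. Text whose every second byte is zero
    # is treated as UTF-16LE; non-Latin UTF-16 text would need an explicit hint.
    wide = len(data) >= 2 and len(data) % 2 == 0 and not any(data[1::2])
    text = data.decode("utf-16-le" if wide else "cp1252", errors="replace")
    return " | ".join(part for part in text.split("\x00") if part)


def autostart_commands(text):
    """Return (key, value name, command, was_hex_encoded) for autostart keys."""
    rows, key = [], None
    for line in logical_lines(text):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not AUTOSTART_RE.search(key):
            continue
        m = HEX_RE.match(line)
        if m:
            regtype = int(m.group("type") or "3", 16)   # bare "hex:" is REG_BINARY
            data = bytes(int(b, 16) for b in m.group("data").split(",") if b.strip())
            rows.append((key, m.group("name"), decode_value(regtype, data), True))
            continue
        m = STR_RE.match(line)
        if m:
            # .reg string values escape backslashes and quotes with a backslash
            command = re.sub(r'\\(.)', r'\1', m.group("data"))
            rows.append((key, m.group("name"), command, False))
    return rows


if __name__ == "__main__":
    for key, name, command, encoded in autostart_commands(SAMPLE):
        marker = "hex" if encoded else "str"
        print(f"[{marker}] {key}\n      {name} = {command}")
```

On the sample, "nlsf" decodes to a `cmd.exe /C move /Y` of `syssetub.dll` onto `syssetup.dll` in `%SystemRoot%\System32`, and "tscuninstall" to `%systemroot%\system32\tscupgrd.exe`.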
31.12.2006, 16:02
Honorary member
Sabina

Posts: 29434
#6 before we clean up the registry ;)

««
http://www.f-secure.com/blacklight/
run the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight - post the log

««
virustotal
At the top of the page --> click Browse --> choose the file (or paste in the file with its correct path right away) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\cool.dll

post the report
__________
Regards, Sabina

all about PC security
31.12.2006, 17:02
Member

Thread starter

Posts: 19
#7

Code

12/31/06 16:37:21 [Info]: BlackLight Engine 1.0.55 initialized
12/31/06 16:37:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/31/06 16:37:21 [Note]: 7019 4
12/31/06 16:37:21 [Note]: 7005 0
12/31/06 16:37:24 [Note]: 7006 0
12/31/06 16:37:24 [Note]: 7011 1768
12/31/06 16:37:24 [Note]: 7026 0
12/31/06 16:37:25 [Note]: 7026 0
12/31/06 16:37:31 [Note]: FSRAW library version 1.7.1021
12/31/06 16:41:20 [Note]: 7007 0
and

from virustotal (I also tested the file at Jotti before, but no virus was found):

AntiVir 7.3.0.21 12.30.2006 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 12.31.2006 no virus found
BitDefender 7.2 12.31.2006 no virus found
CAT-QuickHeal 8.00 12.31.2006 no virus found
ClamAV devel-20060426 12.31.2006 no virus found
DrWeb 4.33 12.31.2006 no virus found
eSafe 7.0.14.0 12.31.2006 no virus found
eTrust-InoculateIT 23.73.102 12.30.2006 no virus found
eTrust-Vet 30.3.3289 12.29.2006 no virus found
Ewido 4.0 12.31.2006 no virus found
Fortinet 2.82.0.0 12.31.2006 no virus found
F-Prot 3.16f 12.30.2006 no virus found
F-Prot4 4.2.1.29 12.30.2006 no virus found
Ikarus T3.1.0.27 12.31.2006 no virus found
Kaspersky 4.0.2.24 12.31.2006 no virus found
McAfee 4929 12.29.2006 no virus found
Microsoft 1.1904 12.31.2006 no virus found
NOD32v2 1949 12.30.2006 no virus found
Norman 5.80.02 12.31.2006 no virus found
Panda 9.0.0.4 12.31.2006 no virus found
Prevx1 V2 12.31.2006 no virus found
Sophos 4.13.0 12.30.2006 no virus found
Sunbelt 2.2.907.0 12.18.2006 no virus found
TheHacker 6.0.3.139 12.29.2006 no virus found
UNA 1.83 12.29.2006 no virus found
VBA32 3.11.1 12.30.2006 no virus found
VirusBuster 4.3.19:9 12.31.2006 no virus found

Aditional Information
File size: 1300 bytes


after that I searched for the file with Process Explorer; it is not used by any active process.

Regards, spotting

Attachment: cool.dll
This post was edited by spotting on 31.12.2006 at 17:08.
31.12.2006, 17:08
Honorary member
Sabina

Posts: 29434
#8 go into the registry and set all of these entries to 0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001
"NoSaveSettings"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"VerboseStatus"=dword:00000001
"DisableTaskMgr"=dword:00000000
"NoInternetOpenWith"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=dword:00000001
"ForceClassicControlPanel"=dword:00000001
"NoResolveTrack"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000001
"NoInternetIcon"=dword:00000001
"NoResolveTrack"=dword:00000001
"LinkResolveIgnoreLinkInfo "=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSMHelp"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

restart the PC

»»
then report back
__________
Regards, Sabina

all about PC security
31.12.2006, 17:41
Member

Thread starter

Posts: 19
#9 so, I applied the changes with regcool,

restarted the system.

first change: loading the user settings now takes 5 seconds longer.

then I started opera to report back and to test,
and alongside a last tab from google.de I landed on this page.

http://www.google.de/t27472.htm
although the address bar showed this:
http://board.protecus.de/t27472.htm
when opening
http://board.protecus.de/
I got to the correct google.de page.

ergo, the problem is still there.

I hope you know of more that I can do,

Regards, spotting

edit,
just for the fun of it I have now also run this one,
maybe you can do something with it.

http://virus-protect.org/winpfind.html

Code

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 31.12.2006 18:54:30
WinPFind v1.5.0    Folder = D:\Desktop-spot\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack               18.03.2005 16:19:58         2337488    C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack               26.05.2005 14:34:52         2297552    C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack               22.07.2005 18:59:04         2319568    C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack               05.12.2005 17:09:18         2323664    C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack               03.02.2006 07:43:16         2332368    C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack               31.03.2006 11:40:58         2388176    C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2                 28.03.2001 12:00:00         41118      C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2                 07.12.2005 18:05:52         573952     C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2           07.12.2005 18:05:52         573952     C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PTech                19.06.2006 15:19:42         571184     C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2           08.12.2006 00:13:44         10716584   C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack               08.12.2006 00:13:44         10716584   C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack               28.03.2001 12:00:00         733696     C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD                 28.03.2001 12:00:00         260096     C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor             28.03.2001 12:00:00         686592     C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync              28.03.2001 12:00:00         1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech                19.06.2006 15:19:26         304944     C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX!                 28.12.2006 14:33:02         816672     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG!                 28.12.2006 14:33:02         816672     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2                 28.12.2006 14:33:02         816672     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack               28.12.2006 14:33:02         816672     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     31.12.2006 18:19:58       S 2048       C:\WINDOWS\bootstat.dat ()
                     17.11.2006 18:57:16       S 42920      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
                     08.12.2006 03:11:16       S 9090       C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
                     08.11.2006 06:24:00       S 11671      C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
                     31.12.2006 18:21:16      H  1024       C:\WINDOWS\system32\config\default.LOG ()
                     31.12.2006 18:20:20      H  1024       C:\WINDOWS\system32\config\SAM.LOG ()
                     31.12.2006 18:31:14      H  1024       C:\WINDOWS\system32\config\SECURITY.LOG ()
                     31.12.2006 18:54:30      H  1024       C:\WINDOWS\system32\config\software.LOG ()
                     31.12.2006 18:25:30      H  1024       C:\WINDOWS\system32\config\system.LOG ()
                     15.12.2006 23:04:58      H  1024       C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
                     31.12.2006 18:20:00      H  6          C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
                     25.05.2004 16:06:58         417792     C:\WINDOWS\SYSTEM32\ac3filter.cpl ()
                     28.03.2001 12:00:00         555008     C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         110592     C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
                     29.07.2004 12:56:00         221184     C:\WINDOWS\SYSTEM32\cttune.cpl ()
                     28.03.2001 12:00:00         138240     C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
                     30.09.2004 16:17:14         135168     C:\WINDOWS\SYSTEM32\Directx.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         80384      C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         157184     C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
                     17.10.2006 12:05:48         1817088    C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         133120     C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         381440     C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
                     16.06.2004 05:03:30         73728      C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
                     28.03.2001 12:00:00         69632      C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
                     10.11.2005 13:03:50         49265      C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
                     28.03.2001 12:00:00         189440     C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         625152     C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         35840      C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
                     09.10.2002 12:36:14         57344      C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl (Ahead Software AG)
                     28.03.2001 12:00:00         25600      C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         260096     C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
                     11.08.2006 20:43:00         69632      C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
                     29.10.2004 21:50:00         73728      C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
                     28.03.2001 12:00:00         32768      C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         117248     C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         303104     C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         28160      C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         94208      C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         148480     C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
                     26.05.2005 04:16:22         174872     C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         896512     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         416256     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         80384      C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         157184     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
                     17.10.2006 12:05:48         1817088    C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         269824     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         1851392    C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         206336     C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
                     10.11.2005 13:03:50         188529     C:\WINDOWS\SYSTEM32\dllcache\jpicpl32.cpl (Sun Microsystems, Inc.)
                     28.03.2001 12:00:00         923648     C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         1605632    C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         25600      C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         432128     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         208896     C:\WINDOWS\SYSTEM32\dllcache\nvtuicpl.cpl ()
                     28.03.2001 12:00:00         192512     C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         267264     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         962048     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         166400     C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         411136     C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         518656     C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
                     26.05.2005 04:16:22         869656     C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
                     28.03.2001 12:00:00         2301952    C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\cmicnfg.cpl (C-Media Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{33564D57-0000-0010-8000-00AA00389B71} -  - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} -  - CodeBase = http://active.macromedia.com/flash2/cabs/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     09.01.2006 18:48:24      HS 84         C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
                     09.01.2006 22:21:50         895        C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     09.01.2006 18:30:48      HS 62         C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()
                     13.09.2006 21:57:18         1404       C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
                     09.01.2006 18:48:24      HS 84         C:\Dokumente und Einstellungen\spot\Startmenü\Programme\Autostart\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
                     06.09.2006 17:08:14      HS 40         C:\Dokumente und Einstellungen\spot\Anwendungsdaten\.zreglib ()
                     09.01.2006 18:30:48      HS 62         C:\Dokumente und Einstellungen\spot\Anwendungsdaten\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - about:blank
  \\Search Bar - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
  \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
  \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
  \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
  \\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
  \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
  \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
  \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
  \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer-Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
  \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
  \\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
  \\NEXTID - 8193

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung =  ()
  \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung =  ()
  \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü =  ()
  \\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow =  ()
  \\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten =  ()
  \\{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Programme\Unlocker\UnlockerCOM.dll ()
  \\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = D:\Programme\7-Zip\7-zip.dll ()
  \\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
  \\{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} - Haali Matroska Thumbnail Exctractor =  ()
  \\{58670320-13EC-11D0-BF8E-F7B4D9CD8E4A} - Folder Size Shell Extension v3.2 =  ()
  \\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension =  ()
  \\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \\{A5110426-177D-4e08-AB3F-785F10B4439C} - Eigene Telefone = D:\Sony\Mobile\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB)
  \\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = D:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()
  \\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = D:\Programme\Illustrate\dBpowerAMP\dMCShell.dll ()
  \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
  \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
  \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \\{709C6E11-538F-4759-86AC-6ACB302AA0DE} - Desktop Manager = C:\WINDOWS\system32\msvdm.dll ()
  \\ -  =  ()
  \\{08267B21-223F-11d3-ACD4-004F4902B913} - Desktop Architect =  ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
  \7-Zip - {23170F69-40C1-278A-1000-000100020000} = D:\Programme\7-Zip\7-zip.dll ()
  \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \digestIT 2004 - {21EA22EF-1773-11D8-8EB8-0050BF643EE7} = D:\Programme\digestIT 2004\digestIT.dll (Kenneth Ballard)
  \miranda.shlext - {72013A26-A94C-11d6-8540-A5E62932711D} =  ()
  \MyPhoneExplorer - {2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E} = D:\Programme\MyPhoneExplorer\DLL\ShellMgr.dll (F.J. Wechselberger)
  \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Programme\WinAce\arcext.dll (e-merge GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
  \UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programme\Unlocker\UnlockerCOM.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
  \7-Zip - {23170F69-40C1-278A-1000-000100020000} = D:\Programme\7-Zip\7-zip.dll ()
  \miranda.shlext - {72013A26-A94C-11d6-8540-A5E62932711D} =  ()
  \ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Programme\WinAce\arcext.dll (e-merge GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
  \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
  \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
  \AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
  \UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programme\Unlocker\UnlockerCOM.dll ()
  \{05462CF6-5479-4E53-9835-D9B58F3A95CC} -  = D:\Programme\Virtual CD v8\System\vc8extse.dll (H+H Software GmbH)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
  \{0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = D:\Programme\Haali\MatroskaSplitter\mmfinfo.dll ()
  \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
  \{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = D:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  DAEMON Tools - d:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
  AVG7_CC - D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
  C-Media Mixer - C:\WINDOWS\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
  Cmaudio - RunDll32 cmicnfg.cpl ()
  NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
  nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
  NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
  CoolSwitch - C:\WINDOWS\system32\taskswitch.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
  IMAIL    Installed = 1
  MAPI    Installed = 1
  MSFS    Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
  C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
  C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk - C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
  C:\Dokumente und Einstellungen\spot\Startmenü\Programme\Autostart\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
    Adobe LM Service    3
    ose    3
    TUWinStylerThemeSvc    3
    VC8SecS    2
    StarWindService    2
    OOD2000    2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
    key    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    ctfmon
    hkey    HKCU
    command    C:\WINDOWS\system32\ctfmon.exe
    inimapping    0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
    key    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    ISUSPM
    hkey    HKLM
    command    D:\PROGRA~1\common\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    inimapping    0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
    key    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    issch
    hkey    HKLM
    command    "D:\Programme\common\InstallShield\UpdateService\issch.exe" -start
    inimapping    0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
    key    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    dumprep 0 -k
    hkey    HKLM
    command    %systemroot%\system32\dumprep 0 -k
    inimapping    0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VC8Player
    key    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item    VC8Play
    hkey    HKLM
    command    D:\Programme\Virtual CD v8\System\VC8Play.exe
    inimapping    0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini    1
    win.ini    1
    bootini    0
    services    2
    startup    2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
  \Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
  \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
  \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
  \\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  \\UserInit = C:\WINDOWS\system32\userinit.exe,
  \\Shell = Explorer.exe
  \\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
  \crypt32chain - crypt32.dll = (Microsoft Corporation)
  \cryptnet - cryptnet.dll = (Microsoft Corporation)
  \cscdll - cscdll.dll = (Microsoft Corporation)
  \ScCertProp - wlnotify.dll = (Microsoft Corporation)
  \Schedule - wlnotify.dll = (Microsoft Corporation)
  \sclgntfy - sclgntfy.dll = (Microsoft Corporation)
  \SensLogn - WlNotify.dll = (Microsoft Corporation)
  \termsrv - wlnotify.dll = (Microsoft Corporation)
  \WgaLogon -  = ()
  \wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
  {741927B6-FCB5-432B-A46A-CA0D463B5FDF} -   (Gigaset USB Adapter 54)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
  \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
  \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
  \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
  \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
  \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
  \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
  \msdaipp -  ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
  \text/xml -  ()

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Edit2:

One more thing,

A good start to the New Year.

Regards


EDIT 3

Just as an edit for now: so far the tips with the reg file and resetting the hosts file (where I also set write protection on the hosts file) seem to be working.

After 15 minutes I can't say that with 100% certainty yet, though. I will report back in the next few days if the error does not occur. Otherwise I'll be right back here. Until then, many thanks,
and of course the question: how do you know all this? ... Or did you just guess and try things out one after another? Regards, spotting
This post was edited by spotting on 31.12.2006 at 19:49.
31.12.2006, 19:25
Honorary member
Sabina

Posts: 29434
#10 Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.

Restart the computer in safe mode (press F8 during startup). Double-click the file "fixme.reg" on the desktop.

Quote

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
»»
Boot back into normal mode.

««
Hoster.zip
http://www.funkytoad.com/download/hoster.zip

Press 'Restore Original Hosts' and press 'OK'
Exit Program.
__________
Regards, Sabina

All about PC security
01.01.2007, 10:26
Member

Thread starter

Posts: 19
#11 I hope you had a good start to the new year.

So, not everything is in order yet.

I imported the reg file yesterday
(in safe mode)

and rewrote the hosts file with hoster.zip (and write-protected it at the same time).

Yesterday evening the problem then seemed to be fixed for the time being. Today I switched the computer on again and after 20 minutes had the problem as I described it above under point 3. Instead of reaching the correct address, I end up on a page that is hosted on the same server.
So far I have only noticed this error on one site.
Namely, with every browser I end up on
rune.elbone.net/
instead of board.raidrush.to

The problem, however, is that I know others via IRC who reach the correct address at the same time. So the fault does not lie with the server.

What is also interesting: according to your reg file, which I imported in safe mode, the value for
Post Platform\"SV1"=""
should be either empty or zero, but there is now a 1 there as a REG_SZ value. (Or am I misunderstanding something?)

Regards, spotting
01.01.2007, 13:52
Honorary member
Sabina

Posts: 29434
#12 Please post the new WinPFind log, I'll take another look ;)
__________
Regards, Sabina

All about PC security
01.01.2007, 15:47
Member

Thread starter

Posts: 19
#13 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 01.01.2007 15:24:45
WinPFind v1.5.0 Folder = D:\Desktop-spot\REPAIR\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 18.03.2005 16:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 26.05.2005 14:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22.07.2005 18:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 05.12.2005 17:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 03.02.2006 07:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 31.03.2006 11:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 28.03.2001 12:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 07.12.2005 18:05:52 573952 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 07.12.2005 18:05:52 573952 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PTech 19.06.2006 15:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 08.12.2006 00:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 08.12.2006 00:13:44 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 28.03.2001 12:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 28.03.2001 12:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 28.03.2001 12:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 28.03.2001 12:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 19.06.2006 15:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
UPX! 28.12.2006 14:33:02 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 28.12.2006 14:33:02 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 28.12.2006 14:33:02 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 28.12.2006 14:33:02 816672 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
01.01.2007 15:23:18 S 2048 C:\WINDOWS\bootstat.dat ()
17.11.2006 18:57:16 S 42920 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat ()
08.12.2006 03:11:16 S 9090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()
08.11.2006 06:24:00 S 11671 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat ()
01.01.2007 15:24:20 H 1024 C:\WINDOWS\system32\config\default.LOG ()
01.01.2007 15:23:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
01.01.2007 15:23:30 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
01.01.2007 15:27:40 H 1024 C:\WINDOWS\system32\config\software.LOG ()
01.01.2007 15:27:42 H 1024 C:\WINDOWS\system32\config\system.LOG ()
15.12.2006 23:04:58 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
31.12.2006 22:44:42 H 81 C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini ()
01.01.2007 15:23:20 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
25.05.2004 16:06:58 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl ()
28.03.2001 12:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
28.03.2001 12:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
29.07.2004 12:56:00 221184 C:\WINDOWS\SYSTEM32\cttune.cpl ()
28.03.2001 12:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
30.09.2004 16:17:14 135168 C:\WINDOWS\SYSTEM32\Directx.cpl (Microsoft Corporation)
28.03.2001 12:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
28.03.2001 12:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
17.10.2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
16.06.2004 05:03:30 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl (InstallShield Software Corporation)
28.03.2001 12:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
28.03.2001 12:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
28.03.2001 12:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
28.03.2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
09.10.2002 12:36:14 57344 C:\WINDOWS\SYSTEM32\NeroBurnRights.cpl (Ahead Software AG)
28.03.2001 12:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
28.03.2001 12:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
11.08.2006 20:43:00 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
29.10.2004 21:50:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
28.03.2001 12:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
28.03.2001 12:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
28.03.2001 12:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
28.03.2001 12:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
28.03.2001 12:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
28.03.2001 12:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 896512 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
28.03.2001 12:00:00 416256 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
28.03.2001 12:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
28.03.2001 12:00:00 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
17.10.2006 12:05:48 1817088 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 269824 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 1851392 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
28.03.2001 12:00:00 206336 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
10.11.2005 13:03:50 188529 C:\WINDOWS\SYSTEM32\dllcache\jpicpl32.cpl (Sun Microsystems, Inc.)
28.03.2001 12:00:00 923648 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
28.03.2001 12:00:00 1605632 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
28.03.2001 12:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
28.03.2001 12:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
28.03.2001 12:00:00 432128 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
28.03.2001 12:00:00 208896 C:\WINDOWS\SYSTEM32\dllcache\nvtuicpl.cpl ()
28.03.2001 12:00:00 192512 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
28.03.2001 12:00:00 267264 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
28.03.2001 12:00:00 962048 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
28.03.2001 12:00:00 166400 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
28.03.2001 12:00:00 411136 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
28.03.2001 12:00:00 518656 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26.05.2005 04:16:22 869656 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
28.03.2001 12:00:00 2301952 C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\cmicnfg.cpl (C-Media Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{33564D57-0000-0010-8000-00AA00389B71} - - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - Zenturi Active Programs Control - CodeBase = http://www.programchecker.com/dll/nixon.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://active.macromedia.com/flash2/cabs/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
09.01.2006 18:48:24 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
09.01.2006 22:21:50 895 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
09.01.2006 18:30:48 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()
13.09.2006 21:57:18 1404 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
09.01.2006 18:48:24 HS 84 C:\Dokumente und Einstellungen\spot\Startmenü\Programme\Autostart\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
06.09.2006 17:08:14 HS 40 C:\Dokumente und Einstellungen\spot\Anwendungsdaten\.zreglib ()
09.01.2006 18:30:48 HS 62 C:\Dokumente und Einstellungen\spot\Anwendungsdaten\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - about:blank
\\Search Bar - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer-Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} - &Links = C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 =
\\NEXTID - 8193

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = ()
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = ()
\\{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Programme\Unlocker\UnlockerCOM.dll ()
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = D:\Programme\7-Zip\7-zip.dll ()
\\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = D:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll (Alcohol Soft Development Team)
\\{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} - Haali Matroska Thumbnail Exctractor = ()
\\{58670320-13EC-11D0-BF8E-F7B4D9CD8E4A} - Folder Size Shell Extension v3.2 = ()
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\\{A5110426-177D-4e08-AB3F-785F10B4439C} - Eigene Telefone = D:\Sony\Mobile\File Manager\fmgrgui.dll (Sony Ericsson Mobile Communications AB)
\\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = D:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()
\\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = D:\Programme\Illustrate\dBpowerAMP\dMCShell.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{709C6E11-538F-4759-86AC-6ACB302AA0DE} - Desktop Manager = C:\WINDOWS\system32\msvdm.dll ()
\\ - = ()
\\{08267B21-223F-11d3-ACD4-004F4902B913} - Desktop Architect = ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = D:\Programme\7-Zip\7-zip.dll ()
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\digestIT 2004 - {21EA22EF-1773-11D8-8EB8-0050BF643EE7} = D:\Programme\digestIT 2004\digestIT.dll (Kenneth Ballard)
\miranda.shlext - {72013A26-A94C-11d6-8540-A5E62932711D} = ()
\MyPhoneExplorer - {2D30AAA2-9084-4686-B8B9-B9B62EEFFD4E} = D:\Programme\MyPhoneExplorer\DLL\ShellMgr.dll (F.J. Wechselberger)
\ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Programme\WinAce\arcext.dll (e-merge GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programme\Unlocker\UnlockerCOM.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = D:\Programme\7-Zip\7-zip.dll ()
\miranda.shlext - {72013A26-A94C-11d6-8540-A5E62932711D} = ()
\ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = D:\Programme\WinAce\arcext.dll (e-merge GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = D:\Programme\Grisoft\AVG Free\avgse.dll (GRISOFT, s.r.o.)
\UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Programme\Unlocker\UnlockerCOM.dll ()
\{05462CF6-5479-4E53-9835-D9B58F3A95CC} - = D:\Programme\Virtual CD v8\System\vc8extse.dll (H+H Software GmbH)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{0561EC90-CE54-4f0c-9C55-E226110A740C} - Haali Column Provider = D:\Programme\Haali\MatroskaSplitter\mmfinfo.dll ()
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = D:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = D:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
DAEMON Tools - d:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
AVG7_CC - D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe (GRISOFT, s.r.o.)
C-Media Mixer - C:\WINDOWS\Mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
Cmaudio - RunDll32 cmicnfg.cpl ()
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll ()
CoolSwitch - C:\WINDOWS\system32\taskswitch.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk - C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Dokumente und Einstellungen\spot\Startmenü\Programme\Autostart\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Adobe LM Service 3
ose 3
TUWinStylerThemeSvc 3
VC8SecS 2
StarWindService 2
OOD2000 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ISUSPM
hkey HKLM
command D:\PROGRA~1\common\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item issch
hkey HKLM
command "D:\Programme\common\InstallShield\UpdateService\issch.exe" -start
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KernelFaultCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item dumprep 0 -k
hkey HKLM
command %systemroot%\system32\dumprep 0 -k
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VC8Player
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VC8Play
hkey HKLM
command D:\Programme\Virtual CD v8\System\VC8Play.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 1
win.ini 1
bootini 0
services 2
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 - 0

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - = ()
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{741927B6-FCB5-432B-A46A-CA0D463B5FDF} - (Gigaset USB Adapter 54)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
\text/xml - ()

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Regards
01.01.2007, 15:58
Honorary member
Sabina

Posts: 29434
#14 Let's try a different approach:

Download L2mfix, the 2nd program on the page
http://virus-protect.org/l2mfix.html

Double-click the file l2mfix.bat, enter 1, let it scan and post the log
__________
Regards, Sabina

All about PC security
01.01.2007, 17:08
Member

Thread starter

Posts: 19
#15 Well, the scan didn't take minutes; it gave me this log almost in real time.

Code

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"="0"

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite für vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Shell Microsoft AutoComplete"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}"="History Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzügen über das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"="UnlockerShellExtension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{23170F69-40C1-278A-1000-000100020000}"="7-Zip Shell Extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{E4D8441D-F89C-4b5c-90AC-A857E1768F1F}"="Haali Matroska Thumbnail Exctractor"
"{58670320-13EC-11D0-BF8E-F7B4D9CD8E4A}"="Folder Size Shell Extension v3.2"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Eigene Telefone"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}"="Desktop Manager"
@=""
"{08267B21-223F-11d3-ACD4-004F4902B913}"="Desktop Architect"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\AutorunsDisabled]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
"{72013A26-A94C-11d6-8540-A5E62932711D}"="shlext (1.0.6.6) - context menu support for Miranda v0.3.0.0+"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 DragDrop Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Property Sheet Shell Extension"
"{0561EC90-CE54-4f0c-9C55-E226110A740C}"="Haali Column Provider"
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   admparse.dll   Tue  7 Nov 2006   3:26:44   A....         71.680    70,00 K
   advpack.dll    Tue  7 Nov 2006   3:26:24   A....        123.904   121,00 K
   bassmod.dll    Wed 18 Oct 2006  19:58:40   A....         34.308    33,50 K
   corpol.dll     Tue 17 Oct 2006  12:03:56   A....         17.408    17,00 K
   dxtmsft.dll    Tue 17 Oct 2006  11:58:06   A....        346.624   338,50 K
   dxtrans.dll    Tue 17 Oct 2006  11:57:50   A....        214.528   209,50 K
   extmgr.dll     Tue  7 Nov 2006  21:03:36   A....        131.584   128,50 K
   icardie.dll    Tue 17 Oct 2006  11:58:20   .....         61.952    60,50 K
   ieakeng.dll    Tue  7 Nov 2006   3:26:56   A....        152.064   148,50 K
   ieakui.dll     Tue  7 Nov 2006   3:25:14   A....        161.792   158,00 K
   ieapfltr.dll   Tue 17 Oct 2006  11:27:56   .....        380.928   372,00 K
   iedkcs32.dll   Tue  7 Nov 2006   3:27:10   A....        382.976   374,00 K
   ieencode.dll   Tue 17 Oct 2006  12:06:00   A....         78.336    76,50 K
   ieframe.dll    Tue  7 Nov 2006  21:03:36   .....      6.049.280     5,77 M
   iepeers.dll    Tue  7 Nov 2006  21:03:36   A....        191.488   187,00 K
   iernonce.dll   Tue  7 Nov 2006   3:26:28   A....         43.008    42,00 K
   iertutil.dll   Tue 17 Oct 2006  11:57:20   .....        266.752   260,50 K
   iesetup.dll    Tue  7 Nov 2006   3:26:42   A....         55.296    54,00 K
   ieui.dll       Tue  7 Nov 2006  21:03:36   .....        180.736   176,50 K
   imgutil.dll    Tue 17 Oct 2006  11:57:58   A....         36.352    35,50 K
   inetcomm.dll   Wed  8 Nov 2006   6:06:12   A....        679.424   663,50 K
   inseng.dll     Tue  7 Nov 2006   3:26:24   A....         92.672    90,50 K
   jscript.dll    Tue 17 Oct 2006  12:00:00   A....        491.520   480,00 K
   jsproxy.dll    Tue  7 Nov 2006  21:03:36   A....         27.136    26,50 K
   licmgr10.dll   Tue 17 Oct 2006  12:05:10   A....         40.960    40,00 K
   msfeeds.dll    Tue  7 Nov 2006  21:03:36   .....        458.752   448,00 K
   msfeed~1.dll   Tue  7 Nov 2006  21:03:36   .....         50.688    49,50 K
   mshtml.dll     Tue  7 Nov 2006  21:03:36   A....      3.577.856     3,41 M
   mshtmled.dll   Tue  7 Nov 2006  21:03:36   A....        475.648   464,50 K
   mshtmler.dll   Tue 17 Oct 2006  11:28:56   A....         48.128    47,00 K
   msls31.dll     Tue  7 Nov 2006  21:03:36   A....        156.160   152,50 K
   msrating.dll   Tue 17 Oct 2006  12:05:10   A....        192.000   187,50 K
   mstime.dll     Tue  7 Nov 2006  21:03:36   A....        670.720   655,00 K
   msxml4.dll     Sat  4 Nov 2006  14:14:00   A....      1.245.696     1,19 M
   nvdisps.dll    Mon 16 Oct 2006  22:17:00   A....      5.623.808     5,36 M
   nvdispsr.dll   Mon 16 Oct 2006  22:17:00   A....      5.242.880     5,00 M
   nvgames.dll    Mon 16 Oct 2006  22:17:00   A....      3.067.904     2,93 M
   nvgamesr.dll   Mon 16 Oct 2006  22:17:00   A....      3.207.168     3,06 M
   nvmccss.dll    Mon 16 Oct 2006  22:17:00   A....        188.416   184,00 K
   nvmccssr.dll   Mon 16 Oct 2006  22:17:00   A....        458.752   448,00 K
   nvmobls.dll    Mon 16 Oct 2006  22:17:00   A....        888.832   868,00 K
   nvmoblsr.dll   Mon 16 Oct 2006  22:17:00   A....      2.854.912     2,72 M
   nvvitvs.dll    Mon 16 Oct 2006  22:17:00   A....      2.924.544     2,79 M
   nvvitvsr.dll   Mon 16 Oct 2006  22:17:00   A....      3.006.464     2,87 M
   nvwss.dll      Mon 16 Oct 2006  22:17:00   A....      2.048.000     1,95 M
   nvwssr.dll     Mon 16 Oct 2006  22:17:00   A....      2.465.792     2,35 M
   nwprovau.dll   Fri 13 Oct 2006  13:35:14   A....        146.432   143,00 K
   occache.dll    Tue 17 Oct 2006  12:04:46   A....        101.376    99,00 K
   pngfilt.dll    Tue 17 Oct 2006  11:58:08   A....         44.544    43,50 K
   sxs.dll        Fri 20 Oct 2006   2:38:26   A....        715.776   699,00 K
   url.dll        Tue 17 Oct 2006  12:05:22   A....        105.984   103,50 K
   urlmon.dll     Tue  7 Nov 2006  21:03:36   A....      1.162.240     1,11 M
   vbscript.dll   Tue  7 Nov 2006  21:03:36   A....        413.696   404,00 K
   webcheck.dll   Tue  7 Nov 2006  21:03:36   A....        231.424   226,00 K
   wininet.dll    Tue  7 Nov 2006  21:03:36   A....        818.688   799,50 K
   wmvcore.dll    Thu  7 Dec 2006   6:29:34   A....      2.374.472     2,26 M
   xpsp3res.dll   Mon 16 Oct 2006  12:19:10   A....        270.336   264,00 K

57 items found:  57 files, 0 directories.
   Total of file sizes:  55.550.796 bytes     52,98 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: 301C-8067

Verzeichnis von C:\WINDOWS\System32

31.12.2006  22:32    <DIR>          dllcache
31.03.2006  10:30             6.144 Thumbs.db
09.01.2006  18:55    <DIR>          Microsoft
               1 Datei(en)          6.144 Bytes
               2 Verzeichnis(se),  3.269.533.696 Bytes frei
I hope this helps.