|
Log-Analyse und Auswertung: große pc probleme. mal log checken :) (silentrunners)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.10.2011, 16:35 | #1 |
| große pc probleme. mal log checken :) (silentrunners) Hier mein silentrunner logfile. "Silent Runners.vbs", revision 63, hxxp://www.silentrunners.org/ Operating System: Windows Vista SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "LightScribe Control Panel" = "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS] "Google Update" = ""C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide" "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data] "RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"] "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "AuditVista" = " " [file not found] "BrMfcWnd" = "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" ["Brother Industries, Ltd."] "ControlCenter3" = "C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" ["Brother Industries, Ltd."] "FreePDF Assistant" = "C:\Program Files\FreePDF_XP\fpassist.exe" [null data] "Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "APSDaemon" = ""C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = "SkypeIEPluginBHO" -> {HKLM...CLSID} = "Skype add-on for Internet Explorer" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{0F596EBD-429A-4DB4-8EB0-DEFC4B061B02}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\M4M4APropertyHandler.dll" [file not found] "{078C597B-DCDD-4D0F-AA16-6EE672D1110B}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShelliPodMenu.dll" [file not found] "{D12267B4-252D-409A-86F9-81BACD3DCBB2}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPiPodProperties.dll" [file not found] "{EA849122-BE61-49DC-9EB3-E241FA1A22A9}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPSendToLibrary.dll" [file not found] "{F1EF13C1-6710-4BB8-88E6-A8EC4D7C021C}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{D5D5E899-17DB-4B8A-880C-541C463F9A03}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{E7F87E4D-7F2F-477A-90F7-2CAA694CF515}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{8E34880A-31DA-4098-B5F9-0D7AAE9163A8}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{1FC718D2-ACDF-4E87-B025-78F14FCB8043}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{31E10118-F651-4D4C-9A30-AAB5F7AA4852}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{BEDF9DD9-F218-40DB-A28E-991ED30F4214}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{079D8D57-A854-4E6D-ACF5-7DF962D37D0C}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{57ED6DCE-ED18-4F62-BFFC-82B8F5690A61}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{2D6C5F69-44F7-45C3-8CCE-8965353912F9}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{E45089AE-2127-400F-8757-A8F21401B020}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{9EF7095B-46E0-4198-971D-562ED422EDBD}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found] "{4262B02D-50C7-4769-81B4-FDB437488A04}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found] "{A608C290-F3A5-4795-9EBA-2DF5623166F9}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found] "{0EEFC612-DA16-4290-B112-C1AFF49042A4}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found] "{FE757C4C-2594-4E8C-8BA6-89F88F4B8B06}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ <<!>> "Shell" = "C:\Users\Irene\AppData\Local\a98a8884\X" [null data] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}" -> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS] <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}" -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS] <<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}" -> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS] <<!>> skype-ie-addon-data\CLSID = "{91774881-D725-4E58-B298-07617B9B86A8}" -> {HKLM...CLSID} = "Skype IE add-on Pluggable Protocol" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."] <<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" -> {HKLM...CLSID} = "IEProtocolHandler Class" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}" -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ PIDirectoryHook\(Default) = "{E8244BEF-0200-4A1A-BE4E-35A4A9F51C3F}" -> {HKLM...CLSID} = "PI5 CopyHook" \InProcServer32\(Default) = "C:\Program Files\Mozilla Firefox\PhotoImpression 5\share\pihook.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}" -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] LightScribeOnArrivalAP\ "Provider" = "LightScribe Direct Disc Labeling" "InvokeProgID" = "LightScribe.AutoPlayHandler" "InvokeVerb" = "LabelLightScribeDisc" HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /DialogiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "Shell Execute Hardware Event Handler" \LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] Picasa2ImportPicturesOnArrival\ "Provider" = "Picasa3" "InvokeProgID" = "picasa2.autoplay" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."] WIA_{0DC60EAE-1463-44B7-85E2-A43AB36A8FE2}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{23E94846-6AB6-4C08-B1C2-73F9B1127A8B}\ "Provider" = "Picasa2" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{28B7F213-E94F-4EA2-A94D-A7DEFAE8A8D4}\ "Provider" = "Microsoft Office Document Scanning" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{F0F37360-5854-4C4E-B8B9-AF9ECAB2FCE3}\ "Provider" = "Picasa3" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] WIA_{F911C2C0-CB85-4DC9-B23A-17EC9331185E}\ "Provider" = "ControlCenter3" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = "/WiaCmd;C:\Program Files\Brother\ControlCenter3\brctrcen.exe /StiDevice:%1 /StiEvent:%2;" -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS] Startup items in "Irene" & "All Users" startup folders: ------------------------------------------------------- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"] Windows Sidebar Gadgets: ------------------------ C:\Users\Irene\AppData\Local\Microsoft\Windows Sidebar\Settings.ini %PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget %PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget %PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget Non-disabled Scheduled Tasks: ----------------------------- C:\Windows\System32\Tasks "GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001Core" -> launches: "C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001UA" -> launches: "C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] "Norton Security Scan for Irene" -> (HIDDEN!) launches: "C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe /scan-quick /scheduled" ["Symantec Corporation"] "Start Registry Reviver" -> launches: "C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe -autorun" [file not found] "{A439BB40-B0DD-487D-948E-DA1AFA814F74}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Irene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X34EXQ4K\HJTInstall.exe" -d C:\Users\Irene\Desktop" [MS] "{C791566E-54A6-4DAF-8C0F-0153AA08A504}" -> launches: "C:\Windows\system32\pcalua.exe -a D:\Software\Nero\setupx.exe -d D:\Software\Nero" [MS] "{DC5EBC73-8890-4FE5-8708-D8783AA5F901}" -> launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."] C:\Windows\System32\Tasks\Apple "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client "AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}" -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth "UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient "SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] "UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}" -> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] "TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}" -> {HKLM...CLSID} = "Transient Multi-Monitor Manager" \InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection "NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}" -> {HKLM...CLSID} = "Nap ITask Handler Implementation" \InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Shell "CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}" -> {HKLM...CLSID} = "CrawlStartPages Task Handler" \InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] "WSHReset" -> (HIDDEN!) launches: "%systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar "Reminders - Irene" -> launches: "C:\Program Files\Windows Calendar\wincal.exe /reminder" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired "GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless "GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data] C:\Windows\System32\Tasks\WPD "SqmUpload_S-1-5-21-1736235967-2657770174-236075978-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "mswsock.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: mswsock.dll [MS], 01 - 18 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ "ButtonText" = "Skype add-on for Internet Explorer" "MenuText" = "Skype add-on for Internet Explorer" "CLSIDExtension" = "{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" -> {HKLM...CLSID} = "Skype add-on for Internet Explorer (toolbar button)" \InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."] BrSplService, Brother XP spl Service, "C:\Windows\system32\brsvc01a.exe" ["brother Industries Ltd"] Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]} LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] ProtexisLicensing, ProtexisLicensing, "C:\Windows\system32\PSIService.exe" [null data] Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} Windows-Dienst für Schriftartencache, FontCache, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\FntCache.dll" [MS]} Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ CNY SELPHY CP LM11\Driver = "CNYMLM11.DLL" ["Canon INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Redirected Port\Driver = "redmonnt.dll" [null data] ---------- (launch time: 2011-10-22 17:22:27) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 64 seconds. ---------- (total run time: 128 seconds) danke schonmal! |
22.10.2011, 16:39 | #2 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) wofür, du wirfst uns hier einfach was hin und erwartest hilfe ohne irgendwelche angaben gemacht zu haben, und hast nicht mal unsere angepinnten topics gelesen?
__________________das wäre das mindeste gewesen :-(
__________________ |
22.10.2011, 16:45 | #3 |
| große pc probleme. mal log checken :) (silentrunners) danke für die schnelle antwort .ja stimmt hast recht sorry bin voll von der rolle. also antivir norton etc lassen sich auch nach Neuinstallation nicht mehr starten. dann wollte ich HijackThis downloaden aber auch die .exe datei lässt sich nicht öffnen. und eure tips mit dem umbennen der datei in .com wollte ich umsetzen doch dann stand da ich habe nicht die berechtigung die datei zu verschieben/umbennen, also wurde ich auch als admin abgesetzt- deshalb kann ich auch kein logfile erstellen. außerdem öffnet sich keine internetseite die irgendwas mit antiviren oder ähnlichm zu tun hat, also auch firefox betroffen. und daruafhin wollte ich euch bitten euch mal das log anzugucken ??
__________________ |
22.10.2011, 16:47 | #4 |
| große pc probleme. mal log checken :) (silentrunners) besser so ? also noch mehr infos habe ich iwie nicht |
22.10.2011, 16:49 | #5 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) ok, dass hättest du auch gleich so haben können :-) bitte schreibe und arbeite immer mit der ruhe, das problem löst sich ja auch nicht, wenn du hecktisch arbeitest. wir werden sicher eine lösung finden. wir versuchen zuerst folgendes: Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.10.2011, 16:59 | #6 |
| große pc probleme. mal log checken :) (silentrunners) hmm da kommen wir ja schon zum 1. problem. silentrunners ging noch aber kein browser öffnet seiten die den virus beschädigen könnten. also ich meine facebook und spiegel.de und so geht alles. sobald ich aber HijackThis oder sogar dieses forum hier öffnen will öffnet sich immer eine beliebbig andere seite. deshal schreibe ich auch grade von nem anderen laptop. also fakt ist ich kann mit dem infizierten oc nicht oldtimer oder ähnliches downloaden.. gibts da noch iwelche möglichkeiten? |
22.10.2011, 17:04 | #7 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) mach mal folgendes. vorbereitung: deaktiviere mal auf dem sauberen pc autorun: Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de somit können keine schädlinge die autorun funktion haben übertragen werden. instaliere dir jetzt panda vaccine: http://www.chip.de/downloads/c1_down...299342&v=3600& hake an: run panda usb vaccine automatically when computer boots automatically vaccine any new insert usb key enable ntfs file suport suche dir jetzt einen stick aus, mit dem wir arbeiten können und stecke ihn ein. öffne panda vaccine und wähle vaccine all drives aus. dass solltest du behalten, falls du mal nen usb stick verleist, ist dieser geschützt und kann nicht so leicht infiziert werden. jetzt deaktiviere am infizierten pc ebenfalls autorun wie in link 1. dann lade auf dem sauberen pc otl und kopiere es auf den infizierten. speichere am ende die logs und kopiere die auf den stick und poste sie dann.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.10.2011, 17:20 | #8 |
| große pc probleme. mal log checken :) (silentrunners) wie meinst du "hake an"? also habe jetzt alles so gemacht wie du es gesat hast.. aber otl öffnet sich zwar auf dem infizierten pc aber wenn ich dann auf "scan" gehe schließt sich das fenster einfach und dann passiert nix mehr, also schließt sich einfach von alleine ??!! und genau so war das mit HijackThis auch. starten ging noch aber immer wenn man dann auf scannen ist hat das von alleine abgebrochen ? |
22.10.2011, 18:24 | #9 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) ok, war ja nur der erste versuch :-) das downloaden und brennen auf dem sauberen pc und dann den infizierten pc mit der neuen cd starten, die logs wieder auf usb stick kopieren und dann über den sauberen pc posten bitte. download: ISO Burner Download - ISO Burner 2.5 • Wenn der Download fertig ist mache ein doppel Klick auf die Datei, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. • Drücke Run Scan um den Scan zu starten. • Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.10.2011, 18:43 | #10 |
| große pc probleme. mal log checken :) (silentrunners) Und nu. Haste noch ne Idee?? Bitte der pc läuft gar nicht mehr weiß nicht weiter lg |
22.10.2011, 18:46 | #11 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) jo, meine idee ist, lies was ich geschrieben hab und machs, steht ja deutlich über deinem post was zu tun ist. aber ich bin heut sowieso bald raus, weiter gehts dann wohl eher morgen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.10.2011, 19:53 | #12 |
| große pc probleme. mal log checken :) (silentrunners) sicher, dass das der richtige link ist.. habs 2 mal geladen un beide male kommt: file is corrupt?! |
23.10.2011, 14:55 | #13 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) genauer, welcher link, sind ja n paar...
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
23.10.2011, 16:02 | #14 |
| große pc probleme. mal log checken :) (silentrunners) Otlpen.exe. Dauert so 20 Mina und dann beim Doppelklick gehts bis zu 14% dann kommt das. Hab's bei mehreren PCs probiert -.- |
23.10.2011, 16:12 | #15 |
/// Malware-holic | große pc probleme. mal log checken :) (silentrunners) geht der download nicht oder das brennen?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu große pc probleme. mal log checken :) (silentrunners) |
adobe, antivir, avira, bho, browser, c:\windows\system32\rundll32.exe, canon, defender, desktop, desktop.ini, document, error, finds, firefox, fontcache, google, install.exe, internet, internet explorer, localsystemnetworkrestricted, log auswerten, malware, mozilla, notification, picasa, realtek, registry, rundll, scan, sched.exe, security, security scan, shell32.dll, shortcut, silentrunner, software, svchost.exe, symantec, system, user agent, vista, windows |