Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
große pc probleme. mal log checken :) (silentrunners)

große pc probleme. mal log checken :) (silentrunners)


Log-Analyse und Auswertung: große pc probleme. mal log checken :) (silentrunners)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 22.10.2011, 16:35   #1
booster123
 
große pc probleme. mal log checken :) (silentrunners) - Standard

große pc probleme. mal log checken :) (silentrunners)


Hier mein silentrunner logfile.
"Silent Runners.vbs", revision 63, hxxp://www.silentrunners.org/
Operating System: Windows Vista SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LightScribe Control Panel" = "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden" ["Hewlett-Packard Company"]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [MS]
"Google Update" = ""C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" [null data]
"RtHDVCpl" = "RtHDVCpl.exe" ["Realtek Semiconductor"]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"AuditVista" = " " [file not found]
"BrMfcWnd" = "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN" ["Brother Industries, Ltd."]
"ControlCenter3" = "C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"FreePDF Assistant" = "C:\Program Files\FreePDF_XP\fpassist.exe" [null data]
"Skytel" = "Skytel.exe" ["Realtek Semiconductor Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"APSDaemon" = ""C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = "SkypeIEPluginBHO"
-> {HKLM...CLSID} = "Skype add-on for Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00020d75-0000-0000-c000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{0F596EBD-429A-4DB4-8EB0-DEFC4B061B02}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\M4M4APropertyHandler.dll" [file not found]

"{078C597B-DCDD-4D0F-AA16-6EE672D1110B}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShelliPodMenu.dll" [file not found]

"{D12267B4-252D-409A-86F9-81BACD3DCBB2}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPiPodProperties.dll" [file not found]

"{EA849122-BE61-49DC-9EB3-E241FA1A22A9}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPSendToLibrary.dll" [file not found]

"{F1EF13C1-6710-4BB8-88E6-A8EC4D7C021C}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{D5D5E899-17DB-4B8A-880C-541C463F9A03}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{E7F87E4D-7F2F-477A-90F7-2CAA694CF515}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{8E34880A-31DA-4098-B5F9-0D7AAE9163A8}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{1FC718D2-ACDF-4E87-B025-78F14FCB8043}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{31E10118-F651-4D4C-9A30-AAB5F7AA4852}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{BEDF9DD9-F218-40DB-A28E-991ED30F4214}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{079D8D57-A854-4E6D-ACF5-7DF962D37D0C}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{57ED6DCE-ED18-4F62-BFFC-82B8F5690A61}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{2D6C5F69-44F7-45C3-8CCE-8965353912F9}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{E45089AE-2127-400F-8757-A8F21401B020}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{9EF7095B-46E0-4198-971D-562ED422EDBD}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPShellReferences.dll" [file not found]

"{4262B02D-50C7-4769-81B4-FDB437488A04}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found]

"{A608C290-F3A5-4795-9EBA-2DF5623166F9}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found]

"{0EEFC612-DA16-4290-B112-C1AFF49042A4}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found]

"{FE757C4C-2594-4E8C-8BA6-89F88F4B8B06}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay 3\XPWPDShellNamespace.dll" [file not found]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Shell" = "C:\Users\Irene\AppData\Local\a98a8884\X" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"
-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS]

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> skype-ie-addon-data\CLSID = "{91774881-D725-4E58-B298-07617B9B86A8}"
-> {HKLM...CLSID} = "Skype IE add-on Pluggable Protocol"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"
-> {HKLM...CLSID} = "IEProtocolHandler Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

PIDirectoryHook\(Default) = "{E8244BEF-0200-4A1A-BE4E-35A4A9F51C3F}"
-> {HKLM...CLSID} = "PI5 CopyHook"
\InProcServer32\(Default) = "C:\Program Files\Mozilla Firefox\PhotoImpression 5\share\pihook.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = "{5E2121EE-0300-11D4-8D3B-444553540000}"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [empty string]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}"
-> {HKLM...CLSID} = "NBShellHook Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79305-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

LightScribeOnArrivalAP\
"Provider" = "LightScribe Direct Disc Labeling"
"InvokeProgID" = "LightScribe.AutoPlayHandler"
"InvokeVerb" = "LabelLightScribeDisc"
HKLM\SOFTWARE\Classes\LightScribe.AutoPlayHandler\shell\LabelLightScribeDisc\command\(Default) = "C:\Program Files\Common Files\LightScribe\LsLauncher.exe" ["Hewlett-Packard Company"]

NeroAutoPlay7AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay7CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /DialogiscCopy %L" ["Nero AG"]

NeroAutoPlay7DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "DataDisc_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"]

NeroAutoPlay7LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"]

NeroAutoPlay7PlayAudioCD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7PlayDVD\
"Provider" = "Nero ShowTime"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"]

NeroAutoPlay7RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay7TranscodeVideo\
"Provider" = "Nero Recode"
"InvokeProgID" = "Nero.AutoPlay7"
"InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"]

NeroAutoPlay7VideoCapture\
"Provider" = "Nero Vision"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

Picasa2ImportPicturesOnArrival\
"Provider" = "Picasa3"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files\Google\Picasa3\Picasa3.exe "%1"" ["Google Inc."]

WIA_{0DC60EAE-1463-44B7-85E2-A43AB36A8FE2}\
"Provider" = "Picasa2"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{23E94846-6AB6-4C08-B1C2-73F9B1127A8B}\
"Provider" = "Picasa2"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Picasa2\PicasaMediaDetector.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{28B7F213-E94F-4EA2-A94D-A7DEFAE8A8D4}\
"Provider" = "Microsoft Office Document Scanning"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Common Files\Microsoft Shared\MODI\11.0\MSPSCAN.EXE;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{F0F37360-5854-4C4E-B8B9-AF9ECAB2FCE3}\
"Provider" = "Picasa3"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

WIA_{F911C2C0-CB85-4DC9-B23A-17EC9331185E}\
"Provider" = "ControlCenter3"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = "/WiaCmd;C:\Program Files\Brother\ControlCenter3\brctrcen.exe /StiDevice:%1 /StiEvent:%2;"
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]


Startup items in "Irene" & "All Users" startup folders:
-------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing LP"]


Windows Sidebar Gadgets:
------------------------

C:\Users\Irene\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
%PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget
%PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget
%PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget


Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
"GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001Core" -> launches: "C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001UA" -> launches: "C:\Users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"Norton Security Scan for Irene" -> (HIDDEN!) launches: "C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe /scan-quick /scheduled" ["Symantec Corporation"]
"Start Registry Reviver" -> launches: "C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe -autorun" [file not found]
"{A439BB40-B0DD-487D-948E-DA1AFA814F74}" -> launches: "C:\Windows\system32\pcalua.exe -a "C:\Users\Irene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X34EXQ4K\HJTInstall.exe" -d C:\Users\Irene\Desktop" [MS]
"{C791566E-54A6-4DAF-8C0F-0153AA08A504}" -> launches: "C:\Windows\system32\pcalua.exe -a D:\Software\Nero\setupx.exe -d D:\Software\Nero" [MS]
"{DC5EBC73-8890-4FE5-8708-D8783AA5F901}" -> launches: "C:\Program Files\Skype\Phone\Skype.exe" ["Skype Technologies S.A."]

C:\Windows\System32\Tasks\Apple
"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
"WSHReset" -> (HIDDEN!) launches: "%systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar
"Reminders - Irene" -> launches: "C:\Program Files\Windows Calendar\wincal.exe /reminder" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]

C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-1736235967-2657770174-236075978-1001" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000005\LibraryPath = "mswsock.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
mswsock.dll [MS], 01 - 18


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
"ButtonText" = "Skype add-on for Internet Explorer"
"MenuText" = "Skype add-on for Internet Explorer"
"CLSIDExtension" = "{898EA8C8-E7FF-479B-8935-AEC46303B9E5}"
-> {HKLM...CLSID} = "Skype add-on for Internet Explorer (toolbar button)"
\InProcServer32\(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll" ["Skype Technologies S.A."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Ati External Event Utility, Ati External Event Utility, "C:\Windows\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
BrSplService, Brother XP spl Service, "C:\Windows\system32\brsvc01a.exe" ["brother Industries Ltd"]
Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]}
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
ProtexisLicensing, ProtexisLicensing, "C:\Windows\system32\PSIService.exe" [null data]
Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
Windows-Dienst für Schriftartencache, FontCache, "C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation" {"C:\Windows\system32\FntCache.dll" [MS]}
Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CNY SELPHY CP LM11\Driver = "CNYMLM11.DLL" ["Canon INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Redirected Port\Driver = "redmonnt.dll" [null data]


---------- (launch time: 2011-10-22 17:22:27)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 64 seconds.
---------- (total run time: 128 seconds)

danke schonmal!

 

Themen zu große pc probleme. mal log checken :) (silentrunners)
adobe, antivir, avira, bho, browser, c:\windows\system32\rundll32.exe, canon, defender, desktop, desktop.ini, document, error, finds, firefox, fontcache, google, install.exe, internet, internet explorer, localsystemnetworkrestricted, log auswerten, malware, mozilla, notification, picasa, realtek, registry, rundll, scan, sched.exe, security, security scan, shell32.dll, shortcut, silentrunner, software, svchost.exe, symantec, system, user agent, vista, windows


« Bundespolizei Scareware Befall *mit OTL-Logdatei* | Bundespolizei uksah »


Ähnliche Themen: große pc probleme. mal log checken :) (silentrunners)


  1. Flash Player macht große Probleme
    Plagegeister aller Art und deren Bekämpfung - 09.06.2015 (7)
  2. Win 7 Ultimate 64bit Große Probleme mit colormedia.dll
    Log-Analyse und Auswertung - 10.04.2015 (17)
  3. Große Probleme mit SP1 Windows 7
    Alles rund um Windows - 03.02.2014 (6)
  4. große probleme mit adobe flash player
    Plagegeister aller Art und deren Bekämpfung - 16.03.2013 (2)
  5. Große Probleme mit dem Aufrufen von Internetseiten
    Alles rund um Windows - 14.07.2012 (10)
  6. C:\ProgramData\iLeAAmvQHHaC.exe | Macht große Probleme
    Plagegeister aller Art und deren Bekämpfung - 15.04.2011 (5)
  7. Große Probleme mit Vundo, Xpack und Zpack.gen
    Plagegeister aller Art und deren Bekämpfung - 26.01.2010 (3)
  8. Große Probleme
    Plagegeister aller Art und deren Bekämpfung - 30.12.2009 (2)
  9. wcs.exe/wcm.exe/=sehr große Probleme!
    Plagegeister aller Art und deren Bekämpfung - 28.09.2008 (3)
  10. große Adware probleme!!!
    Plagegeister aller Art und deren Bekämpfung - 14.02.2008 (15)
  11. Große Probleme???????
    Log-Analyse und Auswertung - 08.07.2007 (19)
  12. Große Probleme mit Panda!!!
    Antiviren-, Firewall- und andere Schutzprogramme - 08.11.2005 (9)
  13. Große Probleme / Bitte um Hilfe
    Log-Analyse und Auswertung - 24.10.2005 (2)
  14. bitte hilfe, hab große probleme
    Log-Analyse und Auswertung - 28.07.2005 (1)
  15. Große Probleme
    Plagegeister aller Art und deren Bekämpfung - 14.01.2005 (25)
  16. Ich versteh den Log auch nicht.. | Hab große Probleme mit dem PC
    Log-Analyse und Auswertung - 03.01.2005 (7)
  17. Große Probleme! Ich bitte um hilfe!!!!!
    Log-Analyse und Auswertung - 02.12.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema große pc probleme. mal log checken :) (silentrunners) - Hier mein silentrunner logfile. "Silent Runners.vbs", revision 63, hxxp://www.silentrunners.org/ Operating System: Windows Vista SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- - große pc probleme. mal log checken :) (silentrunners)...
Archiv
Du betrachtest: große pc probleme. mal log checken :) (silentrunners) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131