What is going on with my PC? What to do? runscanner logfile
23.08.2008, 11:45 | #16 |
| Code:
23.08.2008, 11:47 | #17 |
| The ad pop-ups are gone, but my Start menu still opens by itself and the PC beeps when it does |
23.08.2008, 12:51 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log still seems to be incomplete! Just open the file, select everything with the key combination CTRL+A, then copy it and paste it here again...
Then also open the Registry Editor (regedit.exe via Start, Run) and navigate to
Code:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
Code:
autocheck autochk *
Last edited by root24 (23.08.2008 at 12:57) |
23.08.2008, 12:56 | #19 |
| Code:
A big thank you to you!!!! Last edited by Kathi_87 (23.08.2008 at 13:04) |
24.08.2008, 15:53 | #20 |
| Is there really no solution for my problem??? Will the virus, or whatever it is, be gone if I reinstall Windows? |
24.08.2008, 16:59 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Which of the symptoms are actually still there? |
25.08.2008, 12:57 | #22 |
| The Start menu opens by itself every few minutes and the PC beeps when it does... meanwhile the mouse takes on a life of its own, opens programs from the Start menu and closes folders or the IE window I am using.... |
25.08.2008, 16:56 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Does this only happen when you are online?
__________________ Please always post logfiles in CODE tags |
25.08.2008, 18:46 | #24 |
| I have now watched this for a while... it does not happen when I am offline, and also not when I am online but not using IE or Firefox... only when I start a browser... When it happens I usually open Task Manager and then it subsides. Afterwards the mouse sometimes still acts up: a left click then acts as a right click... |
28.08.2008, 21:00 | #25 |
| I have now reinstalled Windows, and the same problem with the Start menu and so on still occurs... I have not been online since the installation |
29.08.2008, 13:25 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You did a complete reinstall? Including formatting the hard disk? |
29.08.2008, 16:25 | #27 |
| Yep, including formatting |
29.08.2008, 17:38 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have you tried swapping the mouse and keyboard? |
02.09.2008, 18:21 | #29 |
| I have now swapped the mouse and the keyboard.... the problem is gone... the mouse pointer only moves slowly by itself now... is that normal? |
02.09.2008, 18:54 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Let me guess.... You have an optical mouse on a poor surface... |