Pests of all kinds and how to fight them: suddenly "no permission" to launch programs (.exe files)

#1
Hello,

since yesterday I can't open any programs at all. I get the message "you may not have sufficient permission to access the items". I have scanned with AntiVir, ZoneAlarm and Malwarebytes, but nothing turned up. I can't find anything suspicious with HijackThis either (see attachment).

What can I do? What is causing this? I never had problems before.

Regards, Martina

Logfile of random's system information tool 1.06 (written by random/random)
Run by .. at 2009-04-07 19:48:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (26%) free of 15 GB
Total RAM: 1023 MB (30% free)
HijackThis download failed