Pests of all kinds and how to fight them: Have a trojan, can't run exe files, antivirus programs gone, ... HELP
Windows 7
29.08.2009, 14:39 | #16 |
Double-click, and also with "Open".
29.08.2009, 14:42 | #17 |
/// TB Trainer
Hi,
where are the files located? On your desktop?
Regards, myrtille
29.08.2009, 14:44 | #18 |
Yes, and when I put them in a folder on the desktop it doesn't work either.
29.08.2009, 14:49 | #19 |
/// TB Trainer
OK, save the VBS script to the desktop as silentrunners.vbs. Go to Start -> Programs -> Accessories, right-click "Command Prompt" and choose "Run as administrator". A DOS window should open. Type into it:

    cd Desktop <enter>
    wscript silentrunners.vbs <enter>

Does that work? Does Notepad open with a log? Is there an error message? If so, please post the exact wording.
Regards, myrtille
__________________
Requests by email, profile message or private message will be ignored! Help is given ONLY in the forum! Anyone who has not received a further reply from me after 24 hours, please send a PM. Spelling mistakes? Never, but keybaord malfunctions constantly!
29.08.2009, 15:00 | #20 |
    Die Skriptdatei "C:\Users\XXX\Desktop\silentrunners.vbs" wurde nicht gefunden.

But I do have it on the desktop, and it is named exactly that. I would reinstall the system if I knew that I could download the "Acer Empowering Technology" and that the volume up/down key would work; the rest wouldn't matter that much to me...
29.08.2009, 15:08 | #21 |
/// TB Trainer
Hi,
which Acer do you have? Then I'll take a look whether I can find something suitable for it. Do you still have the command prompt open? Please type this there:

    dir >tmp.txt && notepad tmp.txt

A window should open; please copy its contents here. (It should be the contents of your desktop... so if you have documents there that you don't want to post here, please take them out. Please leave anything unknown in.)
Regards, myrtille
29.08.2009, 15:14 | #22 |
     Datenträger in Laufwerk C: ist ACER
     Volumeseriennummer: XXX

     Verzeichnis von C:\Users\XXX

    29.08.2009  16:10    <DIR>          .
    29.08.2009  16:10    <DIR>          ..
    23.04.2009  18:19    <DIR>          .tuxguitar-1.0
    15.10.2008  19:55    <DIR>          Application Data
    25.08.2008  21:08    <DIR>          Contacts
    29.08.2009  15:57    <DIR>          Desktop
    19.08.2009  22:53    <DIR>          Documents
    02.01.2009  00:45    <DIR>          Downloads
    17.12.2008  01:32    <DIR>          Favorites
    01.10.2008  20:12    <DIR>          Links
    12.09.2008  14:13    <DIR>          Music
    02.01.2009  00:45    <DIR>          Pictures
    13.09.2008  15:02    <DIR>          Saved Games
    25.08.2008  21:08    <DIR>          Searches
    21.12.2008  02:34    <DIR>          temp
    29.08.2009  16:10                 0 tmp.txt
    14.04.2009  23:25    <DIR>          Videos
                   1 Datei(en), 0 Bytes
                  16 Verzeichnis(se), 66.756.005.888 Bytes frei

That's what it says in there. tuxguitar is a tablature program for guitar. I have an Acer Aspire 5920G with Vista. But Vista wasn't included, so I would install XP Home (Version 2002) with SP 2.
29.08.2009, 15:18 | #23 |
/// TB Trainer
Hi,
sorry, I thought you still had the command prompt open. Please open the command prompt again, first type

    cd Desktop

and then

    dir >tmp.txt && notepad tmp.txt

and post the contents here. I'll have a look about the drivers.
Regards, myrtille
29.08.2009, 15:23 | #24 |
     Datenträger in Laufwerk C: ist ACER
     Volumeseriennummer: XXX

     Verzeichnis von C:\Users\XXX\Desktop

    29.08.2009  16:22    <DIR>          .
    29.08.2009  16:22    <DIR>          ..
    26.08.2008  20:26               104 Computer.lnk
    29.08.2009  15:10           400.192 silentrunners.vbs.txt
    29.08.2009  16:22                 0 tmp.txt
                   3 Datei(en), 400.296 Bytes
                   2 Verzeichnis(se), 66.757.021.696 Bytes frei

When I type silentrunners.vbs.txt in the command prompt, it opens the script in the editor again. Many thanks. That's what my desktop actually always looks like; it's actually always empty. I always save everything on my data partition.
29.08.2009, 15:46 | #25 |
/// TB Trainer
Hi,
OK, that was my mistake. Open the command prompt again and enter these 3 commands one after the other:

    cd Desktop
    ren silentrunners.vbs.txt silentrunners.vbs
    wscript silentrunners.vbs

This time it should hopefully work and produce a log.

In addition, you could try the following to have your computer scanned for malware, if you have a clean computer available:
Download Avira Rescue System: click
Simply download Avira Rescue System onto a clean computer with a CD burner, put a blank CD into the burner and run the file rescue_system-common-en.exe. Ideally you will then have a bootable CD. Insert it into the infected computer and boot from the CD to scan the computer with Avira. Detailed information on using the CD is available from Avira: Link
Regards, myrtille
29.08.2009, 15:52 | #26 |
Something happens, but in the end only the script comes up in the editor again. So the file is on my desktop, and when I open it, it's an editor file.
Startup Programs (XXX-PC) 2009-08-29 16.52.47
29.08.2009, 15:56 | #27 |
/// TB Trainer
Hi,
then please try the following (run the command prompt with admin rights!):

    cd desktop
    cscript silentrunners.vbs >tmp.txt && tmp.txt

Post the contents of the window that opens. Could you possibly burn yourself the Avira Rescue System?
Regards, myrtille

EDIT: For your Aspire, the drivers officially seem to be available only for Vista: http://support.acer-euro.com/drivers...k/as_5920.html
29.08.2009, 16:23 | #28 |
    Microsoft (R) Windows Script Host, Version 5.7
    Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten.

    "Silent Runners" has started. Please be patient...
    Silent Runners R59 is done!
    The results are in the file:
    Startup Programs (XXX-PC) 2009-08-29 17.16.43.txt
    This file is in the same directory as the script.

That's what comes up then...
This is the content of the Startup file:
29.08.2009, 16:24 | #29 |
launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wired "GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Wireless "GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows Defender "MP Scheduled Scan" -> (HIDDEN!) 
launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000007\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 36 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" -> {HKLM...CLSID} = "Acer eDataSecurity Management" \InProcServer32\(Default) = "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll" ["Egis Incorporated."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}" = (no title provided) -> {HKLM...CLSID} = "Acer eDataSecurity Management" \InProcServer32\(Default) = "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll" ["Egis Incorporated."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools 
menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Program Files\ICQ51\ICQLite.exe" ["ICQ Ltd."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ALaunch Service, ALaunchService, "C:\Acer\ALaunch\ALaunchSvc.exe" [null data] Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple Inc."] Automatische WLAN-Konfiguration, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]} Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] Avira AntiVir Personal - Free Antivirus Planer, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Bonjour-Dienst, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."] CNG-Schlüsselisolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS] Computerbrowser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]} Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared Files\RichVideo.exe"" [empty string] eDataSecurity Service, eDataSecurity Service, ""C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"" ["Egis Incorporated"] eLock Service, eLockService, "C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe" [null data] eNet Service, eNet Service, "C:\Acer\Empowering Technology\eNet\eNet Service.exe" ["Acer Inc."] ePower Service, WMIService, "C:\Acer\Empowering Technology\ePower\ePowerSvc.exe" ["acer"] eRecovery Service, eRecoveryService, "C:\Acer\Empowering 
Technology\eRecovery\eRecoveryService.exe" [null data] eSettings Service, eSettingsService, "C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe" [null data] Extensible Authentication-Protokoll, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]} HP CUE DeviceDiscovery Service, hpqddsvc, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]} HP Network Devices Support, HPSLPSVC, "C:\Windows\system32\svchost.exe -k HPService" {"C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" ["Hewlett-Packard Co."]} hpqcxs08, hpqcxs08, "C:\Windows\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]} Intel(R) Matrix Storage Event Monitor, IAANTMON, "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ["Intel Corporation"] iPod-Dienst, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] MobilityService, MobilityService, "C:\Acer\Mobility Center\MobilityService.exe -p" [null data] Net Driver HPZ12, Net Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZinw12.dll" ["Hewlett-Packard"]} Pml Driver HPZ12, Pml Driver HPZ12, "C:\Windows\System32\svchost.exe -k HPZ12" {"C:\Windows\system32\HPZipm12.dll" ["Hewlett-Packard"]} PnkBstrA, PnkBstrA, "C:\Windows\system32\PnkBstrA.exe" [null data] SSTP-Dienst, SstpSvc, "C:\Windows\system32\svchost.exe -k LocalService" {"C:\Windows\system32\sstpsvc.dll" [MS]} TeamViewer 3, TeamViewer, ""C:\Program Files\TeamViewer3\TeamViewer_Service.exe" -service" ["TeamViewer GmbH"] Windows Driver Foundation - Benutzermodus-Treiberframework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} 
Windows-Bilderfassung, stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."] Zugriff auf Eingabegeräte, hidserv, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\system32\hidserv.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] PCL hpz3l4v2\Driver = "hpz3l4v2.dll" ["Hewlett-Packard Company"] PCL hpz3llhn\Driver = "hpz3llhn.dll" ["Hewlett-Packard Company"] ---------- (launch time: 2009-08-29 17:16:43) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 36 seconds) |
29.08.2009, 16:25 | #30 |
| Have a trojan, can't run exe files, anti-virus programs gone, ... HELP SOOO^^ and the thing with the CD doesn't work either, because I only have Wi-Fi here and only have the notebook and one desktop PC but no Wi-Fi stick... |